Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2024-30260
Vulnerability from cvelistv5
Published
2024-04-04 15:15
Modified
2025-02-13 17:47
Severity ?
EPSS score ?
Summary
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
References
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-30260", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-05T13:43:37.003793Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:38:49.201Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:32:05.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", }, { name: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", }, { name: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "undici", vendor: "nodejs", versions: [ { status: "affected", version: "< 5.28.4", }, { status: "affected", version: ">= 6.0.0, < 6.11.1", }, ], }, ], descriptions: [ { lang: "en", value: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-285", description: "CWE-285: Improper Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-19T23:06:41.342Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", }, { name: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", tags: [ "x_refsource_MISC", ], url: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", }, { name: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", tags: [ "x_refsource_MISC", ], url: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/", }, ], source: { advisory: "GHSA-m4v8-wqvr-p9f7", discovery: "UNKNOWN", }, title: "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2024-30260", datePublished: "2024-04-04T15:15:44.653Z", dateReserved: "2024-03-26T12:52:00.934Z", dateUpdated: "2025-02-13T17:47:47.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\", \"versionEndExcluding\": \"5.28.4\", \"matchCriteriaId\": \"27A8308B-0EB3-454E-A010-12138A99119D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndExcluding\": \"6.11.1\", \"matchCriteriaId\": \"89E57BC8-475F-4BE0-8BB4-285512F8D177\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\\n\"}, {\"lang\": \"es\", \"value\": \"Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Undici borr\\u00f3 los encabezados Authorization y Proxy-Authorization para `fetch()`, pero no los borr\\u00f3 para `undici.request()`. Esta vulnerabilidad fue parcheada en las versiones 5.28.4 y 6.11.1.\"}]", id: "CVE-2024-30260", lastModified: "2024-12-18T19:19:52.700", metrics: "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L\", \"baseScore\": 3.9, \"baseSeverity\": \"LOW\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.5, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 0.9, \"impactScore\": 3.4}]}", published: "2024-04-04T16:15:08.877", references: "[{\"url\": \"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Product\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\"]}]", sourceIdentifier: "security-advisories@github.com", vulnStatus: "Analyzed", weaknesses: "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-285\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2024-30260\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-04-04T16:15:08.877\",\"lastModified\":\"2025-02-13T18:17:58.480\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\"},{\"lang\":\"es\",\"value\":\"Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Undici borró los encabezados Authorization y Proxy-Authorization para `fetch()`, pero no los borró para `undici.request()`. Esta vulnerabilidad fue parcheada en las versiones 5.28.4 y 6.11.1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":3.9,\"baseSeverity\":\"LOW\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.5,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-285\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"5.28.4\",\"matchCriteriaId\":\"27A8308B-0EB3-454E-A010-12138A99119D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndExcluding\":\"6.11.1\",\"matchCriteriaId\":\"89E57BC8-475F-4BE0-8BB4-285512F8D177\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC559B26-5DFC-4B7A-A27C-B77DE755DFF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA277A6C-83EC-4536-9125-97B84C4FAF59\"}]}]}],\"references\":[{\"url\":\"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\"]}]}}", vulnrichment: { containers: "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\", \"name\": \"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f\", \"name\": \"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75\", \"name\": \"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T01:32:05.438Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-30260\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-05T13:43:37.003793Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-23T19:01:22.163Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"title\": \"Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline\", \"source\": {\"advisory\": \"GHSA-m4v8-wqvr-p9f7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 3.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"< 5.28.4\"}, {\"status\": \"affected\", \"version\": \">= 6.0.0, < 6.11.1\"}]}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\", \"name\": \"https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f\", \"name\": \"https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75\", \"name\": \"https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-285\", \"description\": \"CWE-285: Improper Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-04-04T15:15:44.653Z\"}}}", cveMetadata: "{\"cveId\": \"CVE-2024-30260\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T01:32:05.438Z\", \"dateReserved\": \"2024-03-26T12:52:00.934Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-04-04T15:15:44.653Z\", \"assignerShortName\": \"GitHub_M\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
fkie_cve-2024-30260
Vulnerability from fkie_nvd
Published
2024-04-04 16:15
Modified
2025-02-13 18:17
Severity ?
3.9 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Summary
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| nodejs | undici | * | |
| nodejs | undici | * | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| fedoraproject | fedora | 40 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*", matchCriteriaId: "27A8308B-0EB3-454E-A010-12138A99119D", versionEndExcluding: "5.28.4", vulnerable: true, }, { criteria: "cpe:2.3:a:nodejs:undici:*:*:*:*:*:node.js:*:*", matchCriteriaId: "89E57BC8-475F-4BE0-8BB4-285512F8D177", versionEndExcluding: "6.11.1", versionStartIncluding: "6.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", matchCriteriaId: "CA277A6C-83EC-4536-9125-97B84C4FAF59", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.", }, { lang: "es", value: "Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Undici borró los encabezados Authorization y Proxy-Authorization para `fetch()`, pero no los borró para `undici.request()`. Esta vulnerabilidad fue parcheada en las versiones 5.28.4 y 6.11.1.", }, ], id: "CVE-2024-30260", lastModified: "2025-02-13T18:17:58.480", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.4, source: "security-advisories@github.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 0.9, impactScore: 3.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-04-04T16:15:08.877", references: [ { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", }, { source: "security-advisories@github.com", tags: [ "Patch", ], url: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", }, { source: "security-advisories@github.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/", }, { source: "security-advisories@github.com", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Product", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "security-advisories@github.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-863", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
suse-su-2024:1301-1
Vulnerability from csaf_suse
Published
2024-04-16 01:33
Modified
2024-04-16 01:33
Summary
Security update for nodejs20
Notes
Title of the patch
Security update for nodejs20
Description of the patch
This update for nodejs20 fixes the following issues:
Update to 20.12.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
Patchnames
SUSE-2024-1301,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-1301,openSUSE-SLE-15.5-2024-1301
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for nodejs20", title: "Title of the patch", }, { category: "description", text: "This update for nodejs20 fixes the following issues:\n\nUpdate to 20.12.1\n\nSecurity fixes:\n\n - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)\n - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)\n - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)\n - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) \n - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1301,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-1301,openSUSE-SLE-15.5-2024-1301", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1301-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1301-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1301-1", url: "https://lists.suse.com/pipermail/sle-updates/2024-April/034986.html", }, { category: "self", summary: "SUSE Bug 1220053", url: "https://bugzilla.suse.com/1220053", }, { category: "self", summary: "SUSE Bug 1222244", url: "https://bugzilla.suse.com/1222244", }, { category: "self", summary: "SUSE Bug 1222384", url: "https://bugzilla.suse.com/1222384", }, { category: "self", summary: "SUSE Bug 1222530", url: "https://bugzilla.suse.com/1222530", }, { category: "self", summary: "SUSE Bug 1222603", url: "https://bugzilla.suse.com/1222603", }, { category: "self", summary: "SUSE CVE CVE-2024-24806 page", url: "https://www.suse.com/security/cve/CVE-2024-24806/", }, { category: "self", summary: "SUSE CVE CVE-2024-27982 page", url: "https://www.suse.com/security/cve/CVE-2024-27982/", }, { category: "self", summary: "SUSE CVE CVE-2024-27983 page", url: "https://www.suse.com/security/cve/CVE-2024-27983/", }, { category: "self", summary: "SUSE CVE CVE-2024-30260 page", url: "https://www.suse.com/security/cve/CVE-2024-30260/", }, { category: "self", summary: "SUSE CVE CVE-2024-30261 page", url: "https://www.suse.com/security/cve/CVE-2024-30261/", }, ], title: "Security update for nodejs20", tracking: { current_release_date: "2024-04-16T01:33:32Z", generator: { date: "2024-04-16T01:33:32Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1301-1", initial_release_date: "2024-04-16T01:33:32Z", revision_history: [ { date: "2024-04-16T01:33:32Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "corepack20-20.12.1-150500.11.9.2.aarch64", product: { name: "corepack20-20.12.1-150500.11.9.2.aarch64", product_id: "corepack20-20.12.1-150500.11.9.2.aarch64", }, }, { category: "product_version", name: "nodejs20-20.12.1-150500.11.9.2.aarch64", product: { name: "nodejs20-20.12.1-150500.11.9.2.aarch64", product_id: "nodejs20-20.12.1-150500.11.9.2.aarch64", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-150500.11.9.2.aarch64", product: { name: "nodejs20-devel-20.12.1-150500.11.9.2.aarch64", product_id: "nodejs20-devel-20.12.1-150500.11.9.2.aarch64", }, }, { category: "product_version", name: "npm20-20.12.1-150500.11.9.2.aarch64", product: { name: "npm20-20.12.1-150500.11.9.2.aarch64", product_id: "npm20-20.12.1-150500.11.9.2.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "corepack20-20.12.1-150500.11.9.2.i586", product: { name: "corepack20-20.12.1-150500.11.9.2.i586", product_id: "corepack20-20.12.1-150500.11.9.2.i586", }, }, { category: "product_version", name: "nodejs20-20.12.1-150500.11.9.2.i586", product: { name: "nodejs20-20.12.1-150500.11.9.2.i586", product_id: "nodejs20-20.12.1-150500.11.9.2.i586", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-150500.11.9.2.i586", product: { name: "nodejs20-devel-20.12.1-150500.11.9.2.i586", product_id: "nodejs20-devel-20.12.1-150500.11.9.2.i586", }, }, { category: "product_version", name: "npm20-20.12.1-150500.11.9.2.i586", product: { name: "npm20-20.12.1-150500.11.9.2.i586", product_id: "npm20-20.12.1-150500.11.9.2.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "nodejs20-docs-20.12.1-150500.11.9.2.noarch", product: { name: "nodejs20-docs-20.12.1-150500.11.9.2.noarch", product_id: "nodejs20-docs-20.12.1-150500.11.9.2.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "corepack20-20.12.1-150500.11.9.2.ppc64le", product: { name: "corepack20-20.12.1-150500.11.9.2.ppc64le", product_id: "corepack20-20.12.1-150500.11.9.2.ppc64le", }, }, { category: "product_version", name: "nodejs20-20.12.1-150500.11.9.2.ppc64le", product: { name: "nodejs20-20.12.1-150500.11.9.2.ppc64le", product_id: "nodejs20-20.12.1-150500.11.9.2.ppc64le", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", product: { name: "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", product_id: "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", }, }, { category: "product_version", name: "npm20-20.12.1-150500.11.9.2.ppc64le", product: { name: "npm20-20.12.1-150500.11.9.2.ppc64le", product_id: "npm20-20.12.1-150500.11.9.2.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "corepack20-20.12.1-150500.11.9.2.s390x", product: { name: "corepack20-20.12.1-150500.11.9.2.s390x", product_id: "corepack20-20.12.1-150500.11.9.2.s390x", }, }, { category: "product_version", name: "nodejs20-20.12.1-150500.11.9.2.s390x", product: { name: "nodejs20-20.12.1-150500.11.9.2.s390x", product_id: "nodejs20-20.12.1-150500.11.9.2.s390x", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-150500.11.9.2.s390x", product: { name: "nodejs20-devel-20.12.1-150500.11.9.2.s390x", product_id: "nodejs20-devel-20.12.1-150500.11.9.2.s390x", }, }, { category: "product_version", name: "npm20-20.12.1-150500.11.9.2.s390x", product: { name: "npm20-20.12.1-150500.11.9.2.s390x", product_id: "npm20-20.12.1-150500.11.9.2.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "corepack20-20.12.1-150500.11.9.2.x86_64", product: { name: "corepack20-20.12.1-150500.11.9.2.x86_64", product_id: "corepack20-20.12.1-150500.11.9.2.x86_64", }, }, { category: "product_version", name: "nodejs20-20.12.1-150500.11.9.2.x86_64", product: { name: "nodejs20-20.12.1-150500.11.9.2.x86_64", product_id: "nodejs20-20.12.1-150500.11.9.2.x86_64", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-150500.11.9.2.x86_64", product: { name: "nodejs20-devel-20.12.1-150500.11.9.2.x86_64", product_id: "nodejs20-devel-20.12.1-150500.11.9.2.x86_64", }, }, { category: "product_version", name: "npm20-20.12.1-150500.11.9.2.x86_64", product: { name: "npm20-20.12.1-150500.11.9.2.x86_64", product_id: "npm20-20.12.1-150500.11.9.2.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product: { name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-web-scripting:15:sp5", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-150500.11.9.2.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", }, product_reference: "nodejs20-20.12.1-150500.11.9.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-150500.11.9.2.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", }, product_reference: "nodejs20-20.12.1-150500.11.9.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-150500.11.9.2.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", }, product_reference: "nodejs20-20.12.1-150500.11.9.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-150500.11.9.2.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", }, product_reference: "nodejs20-20.12.1-150500.11.9.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-150500.11.9.2.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", }, product_reference: "nodejs20-devel-20.12.1-150500.11.9.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", }, product_reference: "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-150500.11.9.2.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", }, product_reference: "nodejs20-devel-20.12.1-150500.11.9.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-150500.11.9.2.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", }, product_reference: "nodejs20-devel-20.12.1-150500.11.9.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-docs-20.12.1-150500.11.9.2.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", }, product_reference: "nodejs20-docs-20.12.1-150500.11.9.2.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-150500.11.9.2.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", }, product_reference: "npm20-20.12.1-150500.11.9.2.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-150500.11.9.2.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", }, product_reference: "npm20-20.12.1-150500.11.9.2.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-150500.11.9.2.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", }, product_reference: "npm20-20.12.1-150500.11.9.2.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-150500.11.9.2.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", }, product_reference: "npm20-20.12.1-150500.11.9.2.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "corepack20-20.12.1-150500.11.9.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", }, product_reference: "corepack20-20.12.1-150500.11.9.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "corepack20-20.12.1-150500.11.9.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", }, product_reference: "corepack20-20.12.1-150500.11.9.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "corepack20-20.12.1-150500.11.9.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", }, product_reference: "corepack20-20.12.1-150500.11.9.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "corepack20-20.12.1-150500.11.9.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", }, product_reference: "corepack20-20.12.1-150500.11.9.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-150500.11.9.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", }, product_reference: "nodejs20-20.12.1-150500.11.9.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-150500.11.9.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", }, product_reference: "nodejs20-20.12.1-150500.11.9.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-150500.11.9.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", }, product_reference: "nodejs20-20.12.1-150500.11.9.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-150500.11.9.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", }, product_reference: "nodejs20-20.12.1-150500.11.9.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-150500.11.9.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", }, product_reference: "nodejs20-devel-20.12.1-150500.11.9.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", }, product_reference: "nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-150500.11.9.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", }, product_reference: "nodejs20-devel-20.12.1-150500.11.9.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-150500.11.9.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", }, product_reference: "nodejs20-devel-20.12.1-150500.11.9.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs20-docs-20.12.1-150500.11.9.2.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", }, product_reference: "nodejs20-docs-20.12.1-150500.11.9.2.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-150500.11.9.2.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", }, product_reference: "npm20-20.12.1-150500.11.9.2.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-150500.11.9.2.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", }, product_reference: "npm20-20.12.1-150500.11.9.2.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-150500.11.9.2.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", }, product_reference: "npm20-20.12.1-150500.11.9.2.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-150500.11.9.2.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", }, product_reference: "npm20-20.12.1-150500.11.9.2.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2024-24806", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-24806", }, ], notes: [ { category: "general", text: "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-24806", url: "https://www.suse.com/security/cve/CVE-2024-24806", }, { category: "external", summary: "SUSE Bug 1219724 for CVE-2024-24806", url: "https://bugzilla.suse.com/1219724", }, { category: "external", summary: "SUSE Bug 1220056 for CVE-2024-24806", url: "https://bugzilla.suse.com/1220056", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T01:33:32Z", details: "moderate", }, ], title: "CVE-2024-24806", }, { cve: "CVE-2024-27982", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27982", }, ], notes: [ { category: "general", text: "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27982", url: "https://www.suse.com/security/cve/CVE-2024-27982", }, { category: "external", summary: "SUSE Bug 1222384 for CVE-2024-27982", url: "https://bugzilla.suse.com/1222384", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T01:33:32Z", details: "moderate", }, ], title: "CVE-2024-27982", }, { cve: "CVE-2024-27983", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27983", }, ], notes: [ { category: "general", text: "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27983", url: "https://www.suse.com/security/cve/CVE-2024-27983", }, { category: "external", summary: "SUSE Bug 1222244 for CVE-2024-27983", url: "https://bugzilla.suse.com/1222244", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T01:33:32Z", details: "important", }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-30260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30260", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30260", url: "https://www.suse.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "SUSE Bug 1222530 for CVE-2024-30260", url: "https://bugzilla.suse.com/1222530", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T01:33:32Z", details: "low", }, ], title: "CVE-2024-30260", }, { cve: "CVE-2024-30261", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30261", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30261", url: "https://www.suse.com/security/cve/CVE-2024-30261", }, { category: "external", summary: "SUSE Bug 1222603 for CVE-2024-30261", url: "https://bugzilla.suse.com/1222603", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:corepack20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:nodejs20-devel-20.12.1-150500.11.9.2.x86_64", "openSUSE Leap 15.5:nodejs20-docs-20.12.1-150500.11.9.2.noarch", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.aarch64", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.ppc64le", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.s390x", "openSUSE Leap 15.5:npm20-20.12.1-150500.11.9.2.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T01:33:32Z", details: "low", }, ], title: "CVE-2024-30261", }, ], }
suse-su-2024:1836-1
Vulnerability from csaf_suse
Published
2024-05-29 12:10
Modified
2024-05-29 12:10
Summary
Security update for nodejs16
Notes
Title of the patch
Security update for nodejs16
Description of the patch
This update for nodejs16 fixes the following issues:
- CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (bsc#1222530)
- CVE-2024-30261: undici: Ensure that integrity cannot be tampered with (bsc#1222603)
Patchnames
SUSE-2024-1836,SUSE-SLE-Module-Web-Scripting-12-2024-1836
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "low", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for nodejs16", title: "Title of the patch", }, { category: "description", text: "This update for nodejs16 fixes the following issues:\n\n- CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline (bsc#1222530)\n- CVE-2024-30261: undici: Ensure that integrity cannot be tampered with (bsc#1222603)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1836,SUSE-SLE-Module-Web-Scripting-12-2024-1836", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1836-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1836-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241836-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1836-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2024-May/018620.html", }, { category: "self", summary: "SUSE Bug 1222530", url: "https://bugzilla.suse.com/1222530", }, { category: "self", summary: "SUSE Bug 1222603", url: "https://bugzilla.suse.com/1222603", }, { category: "self", summary: "SUSE CVE CVE-2024-30260 page", url: "https://www.suse.com/security/cve/CVE-2024-30260/", }, { category: "self", summary: "SUSE CVE CVE-2024-30261 page", url: "https://www.suse.com/security/cve/CVE-2024-30261/", }, ], title: "Security update for nodejs16", tracking: { current_release_date: "2024-05-29T12:10:53Z", generator: { date: "2024-05-29T12:10:53Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1836-1", initial_release_date: "2024-05-29T12:10:53Z", revision_history: [ { date: "2024-05-29T12:10:53Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "corepack16-16.20.2-8.45.1.aarch64", product: { name: "corepack16-16.20.2-8.45.1.aarch64", product_id: "corepack16-16.20.2-8.45.1.aarch64", }, }, { category: "product_version", name: "nodejs16-16.20.2-8.45.1.aarch64", product: { name: "nodejs16-16.20.2-8.45.1.aarch64", product_id: "nodejs16-16.20.2-8.45.1.aarch64", }, }, { category: "product_version", name: "nodejs16-devel-16.20.2-8.45.1.aarch64", product: { name: "nodejs16-devel-16.20.2-8.45.1.aarch64", product_id: "nodejs16-devel-16.20.2-8.45.1.aarch64", }, }, { category: "product_version", name: "npm16-16.20.2-8.45.1.aarch64", product: { name: "npm16-16.20.2-8.45.1.aarch64", product_id: "npm16-16.20.2-8.45.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "corepack16-16.20.2-8.45.1.i586", product: { name: "corepack16-16.20.2-8.45.1.i586", product_id: "corepack16-16.20.2-8.45.1.i586", }, }, { category: "product_version", name: "nodejs16-16.20.2-8.45.1.i586", product: { name: "nodejs16-16.20.2-8.45.1.i586", product_id: "nodejs16-16.20.2-8.45.1.i586", }, }, { category: "product_version", name: "nodejs16-devel-16.20.2-8.45.1.i586", product: { name: "nodejs16-devel-16.20.2-8.45.1.i586", product_id: "nodejs16-devel-16.20.2-8.45.1.i586", }, }, { category: "product_version", name: "npm16-16.20.2-8.45.1.i586", product: { name: "npm16-16.20.2-8.45.1.i586", product_id: "npm16-16.20.2-8.45.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "nodejs16-docs-16.20.2-8.45.1.noarch", product: { name: "nodejs16-docs-16.20.2-8.45.1.noarch", product_id: "nodejs16-docs-16.20.2-8.45.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "corepack16-16.20.2-8.45.1.ppc64le", product: { name: "corepack16-16.20.2-8.45.1.ppc64le", product_id: "corepack16-16.20.2-8.45.1.ppc64le", }, }, { category: "product_version", name: "nodejs16-16.20.2-8.45.1.ppc64le", product: { name: "nodejs16-16.20.2-8.45.1.ppc64le", product_id: "nodejs16-16.20.2-8.45.1.ppc64le", }, }, { category: "product_version", name: "nodejs16-devel-16.20.2-8.45.1.ppc64le", product: { name: "nodejs16-devel-16.20.2-8.45.1.ppc64le", product_id: "nodejs16-devel-16.20.2-8.45.1.ppc64le", }, }, { category: "product_version", name: "npm16-16.20.2-8.45.1.ppc64le", product: { name: "npm16-16.20.2-8.45.1.ppc64le", product_id: "npm16-16.20.2-8.45.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "corepack16-16.20.2-8.45.1.s390x", product: { name: "corepack16-16.20.2-8.45.1.s390x", product_id: "corepack16-16.20.2-8.45.1.s390x", }, }, { category: "product_version", name: "nodejs16-16.20.2-8.45.1.s390x", product: { name: "nodejs16-16.20.2-8.45.1.s390x", product_id: "nodejs16-16.20.2-8.45.1.s390x", }, }, { category: "product_version", name: "nodejs16-devel-16.20.2-8.45.1.s390x", product: { name: "nodejs16-devel-16.20.2-8.45.1.s390x", product_id: "nodejs16-devel-16.20.2-8.45.1.s390x", }, }, { category: "product_version", name: "npm16-16.20.2-8.45.1.s390x", product: { name: "npm16-16.20.2-8.45.1.s390x", product_id: "npm16-16.20.2-8.45.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "corepack16-16.20.2-8.45.1.x86_64", product: { name: "corepack16-16.20.2-8.45.1.x86_64", product_id: "corepack16-16.20.2-8.45.1.x86_64", }, }, { category: "product_version", name: "nodejs16-16.20.2-8.45.1.x86_64", product: { name: "nodejs16-16.20.2-8.45.1.x86_64", product_id: "nodejs16-16.20.2-8.45.1.x86_64", }, }, { category: "product_version", name: "nodejs16-devel-16.20.2-8.45.1.x86_64", product: { name: "nodejs16-devel-16.20.2-8.45.1.x86_64", product_id: "nodejs16-devel-16.20.2-8.45.1.x86_64", }, }, { category: "product_version", name: "npm16-16.20.2-8.45.1.x86_64", product: { name: "npm16-16.20.2-8.45.1.x86_64", product_id: "npm16-16.20.2-8.45.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Web and Scripting 12", product: { name: "SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-web-scripting:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nodejs16-16.20.2-8.45.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64", }, product_reference: "nodejs16-16.20.2-8.45.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs16-16.20.2-8.45.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le", }, product_reference: "nodejs16-16.20.2-8.45.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs16-16.20.2-8.45.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x", }, product_reference: "nodejs16-16.20.2-8.45.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs16-16.20.2-8.45.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64", }, product_reference: "nodejs16-16.20.2-8.45.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs16-devel-16.20.2-8.45.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64", }, product_reference: "nodejs16-devel-16.20.2-8.45.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs16-devel-16.20.2-8.45.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le", }, product_reference: "nodejs16-devel-16.20.2-8.45.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs16-devel-16.20.2-8.45.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x", }, product_reference: "nodejs16-devel-16.20.2-8.45.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs16-devel-16.20.2-8.45.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64", }, product_reference: "nodejs16-devel-16.20.2-8.45.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs16-docs-16.20.2-8.45.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch", }, product_reference: "nodejs16-docs-16.20.2-8.45.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm16-16.20.2-8.45.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64", }, product_reference: "npm16-16.20.2-8.45.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm16-16.20.2-8.45.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le", }, product_reference: "npm16-16.20.2-8.45.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm16-16.20.2-8.45.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x", }, product_reference: "npm16-16.20.2-8.45.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm16-16.20.2-8.45.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64", }, product_reference: "npm16-16.20.2-8.45.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, ], }, vulnerabilities: [ { cve: "CVE-2024-30260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30260", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30260", url: "https://www.suse.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "SUSE Bug 1222530 for CVE-2024-30260", url: "https://bugzilla.suse.com/1222530", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-29T12:10:53Z", details: "low", }, ], title: "CVE-2024-30260", }, { cve: "CVE-2024-30261", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30261", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30261", url: "https://www.suse.com/security/cve/CVE-2024-30261", }, { category: "external", summary: "SUSE Bug 1222603 for CVE-2024-30261", url: "https://bugzilla.suse.com/1222603", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-devel-16.20.2-8.45.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs16-docs-16.20.2-8.45.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm16-16.20.2-8.45.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-05-29T12:10:53Z", details: "low", }, ], title: "CVE-2024-30261", }, ], }
suse-su-2024:1309-1
Vulnerability from csaf_suse
Published
2024-04-16 09:32
Modified
2024-04-16 09:32
Summary
Security update for nodejs18
Notes
Title of the patch
Security update for nodejs18
Description of the patch
This update for nodejs18 fixes the following issues:
Update to 18.20.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
Patchnames
SUSE-2024-1309,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-1309,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1309,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1309,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1309,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1309,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1309,openSUSE-SLE-15.5-2024-1309
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for nodejs18", title: "Title of the patch", }, { category: "description", text: "This update for nodejs18 fixes the following issues:\n\nUpdate to 18.20.1\n\nSecurity fixes:\n\n - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)\n - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)\n - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)\n - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) \n - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1309,SUSE-SLE-Module-Web-Scripting-15-SP5-2024-1309,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2024-1309,SUSE-SLE-Product-HPC-15-SP4-LTSS-2024-1309,SUSE-SLE-Product-SLES-15-SP4-LTSS-2024-1309,SUSE-SLE-Product-SLES_SAP-15-SP4-2024-1309,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-1309,openSUSE-SLE-15.5-2024-1309", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1309-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1309-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241309-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1309-1", url: "https://lists.suse.com/pipermail/sle-updates/2024-April/034989.html", }, { category: "self", summary: "SUSE Bug 1220053", url: "https://bugzilla.suse.com/1220053", }, { category: "self", summary: "SUSE Bug 1222244", url: "https://bugzilla.suse.com/1222244", }, { category: "self", summary: "SUSE Bug 1222384", url: "https://bugzilla.suse.com/1222384", }, { category: "self", summary: "SUSE Bug 1222530", url: "https://bugzilla.suse.com/1222530", }, { category: "self", summary: "SUSE Bug 1222603", url: "https://bugzilla.suse.com/1222603", }, { category: "self", summary: "SUSE CVE CVE-2024-24806 page", url: "https://www.suse.com/security/cve/CVE-2024-24806/", }, { category: "self", summary: "SUSE CVE CVE-2024-27982 page", url: "https://www.suse.com/security/cve/CVE-2024-27982/", }, { category: "self", summary: "SUSE CVE CVE-2024-27983 page", url: "https://www.suse.com/security/cve/CVE-2024-27983/", }, { category: "self", summary: "SUSE CVE CVE-2024-30260 page", url: "https://www.suse.com/security/cve/CVE-2024-30260/", }, { category: "self", summary: "SUSE CVE CVE-2024-30261 page", url: "https://www.suse.com/security/cve/CVE-2024-30261/", }, ], title: "Security update for nodejs18", tracking: { current_release_date: "2024-04-16T09:32:58Z", generator: { date: "2024-04-16T09:32:58Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1309-1", initial_release_date: "2024-04-16T09:32:58Z", revision_history: [ { date: "2024-04-16T09:32:58Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "corepack18-18.20.1-150400.9.21.3.aarch64", product: { name: "corepack18-18.20.1-150400.9.21.3.aarch64", product_id: "corepack18-18.20.1-150400.9.21.3.aarch64", }, }, { category: "product_version", name: "nodejs18-18.20.1-150400.9.21.3.aarch64", product: { name: "nodejs18-18.20.1-150400.9.21.3.aarch64", product_id: "nodejs18-18.20.1-150400.9.21.3.aarch64", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64", product: { name: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64", product_id: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64", }, }, { category: "product_version", name: "npm18-18.20.1-150400.9.21.3.aarch64", product: { name: "npm18-18.20.1-150400.9.21.3.aarch64", product_id: "npm18-18.20.1-150400.9.21.3.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "corepack18-18.20.1-150400.9.21.3.i586", product: { name: "corepack18-18.20.1-150400.9.21.3.i586", product_id: "corepack18-18.20.1-150400.9.21.3.i586", }, }, { category: "product_version", name: "nodejs18-18.20.1-150400.9.21.3.i586", product: { name: "nodejs18-18.20.1-150400.9.21.3.i586", product_id: "nodejs18-18.20.1-150400.9.21.3.i586", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-150400.9.21.3.i586", product: { name: "nodejs18-devel-18.20.1-150400.9.21.3.i586", product_id: "nodejs18-devel-18.20.1-150400.9.21.3.i586", }, }, { category: "product_version", name: "npm18-18.20.1-150400.9.21.3.i586", product: { name: "npm18-18.20.1-150400.9.21.3.i586", product_id: "npm18-18.20.1-150400.9.21.3.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", product: { name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", product_id: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "corepack18-18.20.1-150400.9.21.3.ppc64le", product: { name: "corepack18-18.20.1-150400.9.21.3.ppc64le", product_id: "corepack18-18.20.1-150400.9.21.3.ppc64le", }, }, { category: "product_version", name: "nodejs18-18.20.1-150400.9.21.3.ppc64le", product: { name: "nodejs18-18.20.1-150400.9.21.3.ppc64le", product_id: "nodejs18-18.20.1-150400.9.21.3.ppc64le", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", product: { name: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", product_id: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", }, }, { category: "product_version", name: "npm18-18.20.1-150400.9.21.3.ppc64le", product: { name: "npm18-18.20.1-150400.9.21.3.ppc64le", product_id: "npm18-18.20.1-150400.9.21.3.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "corepack18-18.20.1-150400.9.21.3.s390x", product: { name: "corepack18-18.20.1-150400.9.21.3.s390x", product_id: "corepack18-18.20.1-150400.9.21.3.s390x", }, }, { category: "product_version", name: "nodejs18-18.20.1-150400.9.21.3.s390x", product: { name: "nodejs18-18.20.1-150400.9.21.3.s390x", product_id: "nodejs18-18.20.1-150400.9.21.3.s390x", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-150400.9.21.3.s390x", product: { name: "nodejs18-devel-18.20.1-150400.9.21.3.s390x", product_id: "nodejs18-devel-18.20.1-150400.9.21.3.s390x", }, }, { category: "product_version", name: "npm18-18.20.1-150400.9.21.3.s390x", product: { name: "npm18-18.20.1-150400.9.21.3.s390x", product_id: "npm18-18.20.1-150400.9.21.3.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "corepack18-18.20.1-150400.9.21.3.x86_64", product: { name: "corepack18-18.20.1-150400.9.21.3.x86_64", product_id: "corepack18-18.20.1-150400.9.21.3.x86_64", }, }, { category: "product_version", name: "nodejs18-18.20.1-150400.9.21.3.x86_64", product: { name: "nodejs18-18.20.1-150400.9.21.3.x86_64", product_id: "nodejs18-18.20.1-150400.9.21.3.x86_64", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", product: { name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", product_id: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", }, }, { category: "product_version", name: "npm18-18.20.1-150400.9.21.3.x86_64", product: { name: "npm18-18.20.1-150400.9.21.3.x86_64", product_id: "npm18-18.20.1-150400.9.21.3.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product: { name: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-web-scripting:15:sp5", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-espos:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product: { name: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sle_hpc-ltss:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server 15 SP4-LTSS", product: { name: "SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS", product_identification_helper: { cpe: "cpe:/o:suse:sles-ltss:15:sp4", }, }, }, { category: "product_name", name: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product: { name: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_identification_helper: { cpe: "cpe:/o:suse:sles_sap:15:sp4", }, }, }, { category: "product_name", name: "SUSE Manager Server 4.3", product: { name: "SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3", product_identification_helper: { cpe: "cpe:/o:suse:suse-manager-server:4.3", }, }, }, { category: "product_name", name: "openSUSE Leap 15.5", product: { name: "openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.5", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", }, product_reference: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "npm18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "npm18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", }, product_reference: "npm18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP5", product_id: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "npm18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 15 SP5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", }, product_reference: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "npm18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "npm18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", }, product_reference: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "npm18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", product_id: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "npm18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", }, product_reference: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "npm18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "npm18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", }, product_reference: "npm18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", product_id: "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "npm18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server 15 SP4-LTSS", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", }, product_reference: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "npm18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", product_id: "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "npm18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Server for SAP Applications 15 SP4", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.s390x as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.s390x as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", }, product_reference: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.ppc64le as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "npm18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.s390x as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", }, product_reference: "npm18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.x86_64 as component of SUSE Manager Server 4.3", product_id: "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "npm18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "SUSE Manager Server 4.3", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.20.1-150400.9.21.3.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "corepack18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.20.1-150400.9.21.3.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "corepack18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.20.1-150400.9.21.3.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", }, product_reference: "corepack18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "corepack18-18.20.1-150400.9.21.3.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "corepack18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-150400.9.21.3.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", }, product_reference: "nodejs18-devel-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.20.1-150400.9.21.3.noarch as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", }, product_reference: "nodejs18-docs-18.20.1-150400.9.21.3.noarch", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.aarch64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", }, product_reference: "npm18-18.20.1-150400.9.21.3.aarch64", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.ppc64le as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", }, product_reference: "npm18-18.20.1-150400.9.21.3.ppc64le", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.s390x as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", }, product_reference: "npm18-18.20.1-150400.9.21.3.s390x", relates_to_product_reference: "openSUSE Leap 15.5", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-150400.9.21.3.x86_64 as component of openSUSE Leap 15.5", product_id: "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", }, product_reference: "npm18-18.20.1-150400.9.21.3.x86_64", relates_to_product_reference: "openSUSE Leap 15.5", }, ], }, vulnerabilities: [ { cve: "CVE-2024-24806", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-24806", }, ], notes: [ { category: "general", text: "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-24806", url: "https://www.suse.com/security/cve/CVE-2024-24806", }, { category: "external", summary: "SUSE Bug 1219724 for CVE-2024-24806", url: "https://bugzilla.suse.com/1219724", }, { category: "external", summary: "SUSE Bug 1220056 for CVE-2024-24806", url: "https://bugzilla.suse.com/1220056", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:58Z", details: "moderate", }, ], title: "CVE-2024-24806", }, { cve: "CVE-2024-27982", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27982", }, ], notes: [ { category: "general", text: "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27982", url: "https://www.suse.com/security/cve/CVE-2024-27982", }, { category: "external", summary: "SUSE Bug 1222384 for CVE-2024-27982", url: "https://bugzilla.suse.com/1222384", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:58Z", details: "moderate", }, ], title: "CVE-2024-27982", }, { cve: "CVE-2024-27983", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27983", }, ], notes: [ { category: "general", text: "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27983", url: "https://www.suse.com/security/cve/CVE-2024-27983", }, { category: "external", summary: "SUSE Bug 1222244 for CVE-2024-27983", url: "https://bugzilla.suse.com/1222244", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:58Z", details: "important", }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-30260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30260", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30260", url: "https://www.suse.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "SUSE Bug 1222530 for CVE-2024-30260", url: "https://bugzilla.suse.com/1222530", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:58Z", details: "low", }, ], title: "CVE-2024-30260", }, { cve: "CVE-2024-30261", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30261", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30261", url: "https://www.suse.com/security/cve/CVE-2024-30261", }, { category: "external", summary: "SUSE Bug 1222603 for CVE-2024-30261", url: "https://bugzilla.suse.com/1222603", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP5:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.s390x", "SUSE Manager Server 4.3:npm18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:corepack18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:nodejs18-devel-18.20.1-150400.9.21.3.x86_64", "openSUSE Leap 15.5:nodejs18-docs-18.20.1-150400.9.21.3.noarch", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.aarch64", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.ppc64le", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.s390x", "openSUSE Leap 15.5:npm18-18.20.1-150400.9.21.3.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:58Z", details: "low", }, ], title: "CVE-2024-30261", }, ], }
suse-su-2024:1307-1
Vulnerability from csaf_suse
Published
2024-04-16 09:32
Modified
2024-04-16 09:32
Summary
Security update for nodejs18
Notes
Title of the patch
Security update for nodejs18
Description of the patch
This update for nodejs18 fixes the following issues:
Update to 18.20.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
Patchnames
SUSE-2024-1307,SUSE-SLE-Module-Web-Scripting-12-2024-1307
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for nodejs18", title: "Title of the patch", }, { category: "description", text: "This update for nodejs18 fixes the following issues:\n\nUpdate to 18.20.1\n\nSecurity fixes:\n - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)\n - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)\n - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)\n - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) \n - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2024-1307,SUSE-SLE-Module-Web-Scripting-12-2024-1307", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_1307-1.json", }, { category: "self", summary: "URL for SUSE-SU-2024:1307-1", url: "https://www.suse.com/support/update/announcement/2024/suse-su-20241307-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2024:1307-1", url: "https://lists.suse.com/pipermail/sle-updates/2024-April/034991.html", }, { category: "self", summary: "SUSE Bug 1220053", url: "https://bugzilla.suse.com/1220053", }, { category: "self", summary: "SUSE Bug 1222244", url: "https://bugzilla.suse.com/1222244", }, { category: "self", summary: "SUSE Bug 1222384", url: "https://bugzilla.suse.com/1222384", }, { category: "self", summary: "SUSE Bug 1222530", url: "https://bugzilla.suse.com/1222530", }, { category: "self", summary: "SUSE Bug 1222603", url: "https://bugzilla.suse.com/1222603", }, { category: "self", summary: "SUSE CVE CVE-2024-24806 page", url: "https://www.suse.com/security/cve/CVE-2024-24806/", }, { category: "self", summary: "SUSE CVE CVE-2024-27982 page", url: "https://www.suse.com/security/cve/CVE-2024-27982/", }, { category: "self", summary: "SUSE CVE CVE-2024-27983 page", url: "https://www.suse.com/security/cve/CVE-2024-27983/", }, { category: "self", summary: "SUSE CVE CVE-2024-30260 page", url: "https://www.suse.com/security/cve/CVE-2024-30260/", }, { category: "self", summary: "SUSE CVE CVE-2024-30261 page", url: "https://www.suse.com/security/cve/CVE-2024-30261/", }, ], title: "Security update for nodejs18", tracking: { current_release_date: "2024-04-16T09:32:01Z", generator: { date: "2024-04-16T09:32:01Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2024:1307-1", initial_release_date: "2024-04-16T09:32:01Z", revision_history: [ { date: "2024-04-16T09:32:01Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "corepack18-18.20.1-8.21.1.aarch64", product: { name: "corepack18-18.20.1-8.21.1.aarch64", product_id: "corepack18-18.20.1-8.21.1.aarch64", }, }, { category: "product_version", name: "nodejs18-18.20.1-8.21.1.aarch64", product: { name: "nodejs18-18.20.1-8.21.1.aarch64", product_id: "nodejs18-18.20.1-8.21.1.aarch64", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-8.21.1.aarch64", product: { name: "nodejs18-devel-18.20.1-8.21.1.aarch64", product_id: "nodejs18-devel-18.20.1-8.21.1.aarch64", }, }, { category: "product_version", name: "npm18-18.20.1-8.21.1.aarch64", product: { name: "npm18-18.20.1-8.21.1.aarch64", product_id: "npm18-18.20.1-8.21.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "corepack18-18.20.1-8.21.1.i586", product: { name: "corepack18-18.20.1-8.21.1.i586", product_id: "corepack18-18.20.1-8.21.1.i586", }, }, { category: "product_version", name: "nodejs18-18.20.1-8.21.1.i586", product: { name: "nodejs18-18.20.1-8.21.1.i586", product_id: "nodejs18-18.20.1-8.21.1.i586", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-8.21.1.i586", product: { name: "nodejs18-devel-18.20.1-8.21.1.i586", product_id: "nodejs18-devel-18.20.1-8.21.1.i586", }, }, { category: "product_version", name: "npm18-18.20.1-8.21.1.i586", product: { name: "npm18-18.20.1-8.21.1.i586", product_id: "npm18-18.20.1-8.21.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "nodejs18-docs-18.20.1-8.21.1.noarch", product: { name: "nodejs18-docs-18.20.1-8.21.1.noarch", product_id: "nodejs18-docs-18.20.1-8.21.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "corepack18-18.20.1-8.21.1.ppc64le", product: { name: "corepack18-18.20.1-8.21.1.ppc64le", product_id: "corepack18-18.20.1-8.21.1.ppc64le", }, }, { category: "product_version", name: "nodejs18-18.20.1-8.21.1.ppc64le", product: { name: "nodejs18-18.20.1-8.21.1.ppc64le", product_id: "nodejs18-18.20.1-8.21.1.ppc64le", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-8.21.1.ppc64le", product: { name: "nodejs18-devel-18.20.1-8.21.1.ppc64le", product_id: "nodejs18-devel-18.20.1-8.21.1.ppc64le", }, }, { category: "product_version", name: "npm18-18.20.1-8.21.1.ppc64le", product: { name: "npm18-18.20.1-8.21.1.ppc64le", product_id: "npm18-18.20.1-8.21.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "corepack18-18.20.1-8.21.1.s390x", product: { name: "corepack18-18.20.1-8.21.1.s390x", product_id: "corepack18-18.20.1-8.21.1.s390x", }, }, { category: "product_version", name: "nodejs18-18.20.1-8.21.1.s390x", product: { name: "nodejs18-18.20.1-8.21.1.s390x", product_id: "nodejs18-18.20.1-8.21.1.s390x", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-8.21.1.s390x", product: { name: "nodejs18-devel-18.20.1-8.21.1.s390x", product_id: "nodejs18-devel-18.20.1-8.21.1.s390x", }, }, { category: "product_version", name: "npm18-18.20.1-8.21.1.s390x", product: { name: "npm18-18.20.1-8.21.1.s390x", product_id: "npm18-18.20.1-8.21.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "corepack18-18.20.1-8.21.1.x86_64", product: { name: "corepack18-18.20.1-8.21.1.x86_64", product_id: "corepack18-18.20.1-8.21.1.x86_64", }, }, { category: "product_version", name: "nodejs18-18.20.1-8.21.1.x86_64", product: { name: "nodejs18-18.20.1-8.21.1.x86_64", product_id: "nodejs18-18.20.1-8.21.1.x86_64", }, }, { category: "product_version", name: "nodejs18-devel-18.20.1-8.21.1.x86_64", product: { name: "nodejs18-devel-18.20.1-8.21.1.x86_64", product_id: "nodejs18-devel-18.20.1-8.21.1.x86_64", }, }, { category: "product_version", name: "npm18-18.20.1-8.21.1.x86_64", product: { name: "npm18-18.20.1-8.21.1.x86_64", product_id: "npm18-18.20.1-8.21.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Web and Scripting 12", product: { name: "SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-web-scripting:12", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-8.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", }, product_reference: "nodejs18-18.20.1-8.21.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-8.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", }, product_reference: "nodejs18-18.20.1-8.21.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-8.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", }, product_reference: "nodejs18-18.20.1-8.21.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs18-18.20.1-8.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", }, product_reference: "nodejs18-18.20.1-8.21.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-8.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", }, product_reference: "nodejs18-devel-18.20.1-8.21.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-8.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", }, product_reference: "nodejs18-devel-18.20.1-8.21.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-8.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", }, product_reference: "nodejs18-devel-18.20.1-8.21.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs18-devel-18.20.1-8.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", }, product_reference: "nodejs18-devel-18.20.1-8.21.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs18-docs-18.20.1-8.21.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", }, product_reference: "nodejs18-docs-18.20.1-8.21.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-8.21.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", }, product_reference: "npm18-18.20.1-8.21.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-8.21.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", }, product_reference: "npm18-18.20.1-8.21.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-8.21.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", }, product_reference: "npm18-18.20.1-8.21.1.s390x", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm18-18.20.1-8.21.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", }, product_reference: "npm18-18.20.1-8.21.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, ], }, vulnerabilities: [ { cve: "CVE-2024-24806", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-24806", }, ], notes: [ { category: "general", text: "libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-24806", url: "https://www.suse.com/security/cve/CVE-2024-24806", }, { category: "external", summary: "SUSE Bug 1219724 for CVE-2024-24806", url: "https://bugzilla.suse.com/1219724", }, { category: "external", summary: "SUSE Bug 1220056 for CVE-2024-24806", url: "https://bugzilla.suse.com/1220056", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:01Z", details: "moderate", }, ], title: "CVE-2024-24806", }, { cve: "CVE-2024-27982", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27982", }, ], notes: [ { category: "general", text: "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27982", url: "https://www.suse.com/security/cve/CVE-2024-27982", }, { category: "external", summary: "SUSE Bug 1222384 for CVE-2024-27982", url: "https://bugzilla.suse.com/1222384", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:01Z", details: "moderate", }, ], title: "CVE-2024-27982", }, { cve: "CVE-2024-27983", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27983", }, ], notes: [ { category: "general", text: "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27983", url: "https://www.suse.com/security/cve/CVE-2024-27983", }, { category: "external", summary: "SUSE Bug 1222244 for CVE-2024-27983", url: "https://bugzilla.suse.com/1222244", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:01Z", details: "important", }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-30260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30260", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30260", url: "https://www.suse.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "SUSE Bug 1222530 for CVE-2024-30260", url: "https://bugzilla.suse.com/1222530", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:01Z", details: "low", }, ], title: "CVE-2024-30260", }, { cve: "CVE-2024-30261", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30261", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30261", url: "https://www.suse.com/security/cve/CVE-2024-30261", }, { category: "external", summary: "SUSE Bug 1222603 for CVE-2024-30261", url: "https://bugzilla.suse.com/1222603", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-devel-18.20.1-8.21.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs18-docs-18.20.1-8.21.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 12:npm18-18.20.1-8.21.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-04-16T09:32:01Z", details: "low", }, ], title: "CVE-2024-30261", }, ], }
RHSA-2024:6667
Vulnerability from csaf_redhat
Published
2024-09-12 21:30
Modified
2025-03-26 10:57
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.16 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Dev Spaces 3.16 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6667", url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "CRW-6868", url: "https://issues.redhat.com/browse/CRW-6868", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6667.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release", tracking: { current_release_date: "2025-03-26T10:57:52+00:00", generator: { date: "2025-03-26T10:57:52+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:6667", initial_release_date: "2024-09-12T21:30:49+00:00", revision_history: [ { date: "2024-09-12T21:30:49+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-12T21:30:49+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-26T10:57:52+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Dev Spaces 3", product: { name: "Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_devspaces:3::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Dev Spaces", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product: { name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product_id: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4?arch=amd64&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product: { name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product_id: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64?arch=amd64&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product: { name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product_id: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09?arch=amd64&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product: { name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product_id: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b?arch=amd64&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product: { name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product_id: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product_identification_helper: { purl: "pkg:oci/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512?arch=amd64&repository_url=registry.redhat.io/devspaces/idea-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product: { name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product_id: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c?arch=amd64&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product: { name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product_id: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724?arch=amd64&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product: { name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product_id: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba?arch=amd64&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product: { name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product_id: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639?arch=amd64&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product: { name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product_id: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3?arch=amd64&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product: { name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product_id: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235?arch=amd64&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product: { name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product_id: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a?arch=amd64&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product: { name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product_id: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef?arch=amd64&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product: { name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product_id: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e?arch=ppc64le&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product: { name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product_id: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8?arch=ppc64le&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product: { name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product_id: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6?arch=ppc64le&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product: { name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product_id: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product: { name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product_id: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244?arch=ppc64le&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product: { name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product_id: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7?arch=ppc64le&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product: { name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product_id: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product: { name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product_id: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16?arch=ppc64le&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product: { name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product_id: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product: { name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product_id: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67?arch=ppc64le&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product: { name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product_id: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64?arch=ppc64le&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product: { name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product_id: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef?arch=ppc64le&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product: { name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product_id: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612?arch=s390x&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product: { name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product_id: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af?arch=s390x&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product: { name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product_id: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b?arch=s390x&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product: { name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product_id: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936?arch=s390x&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product: { name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product_id: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a?arch=s390x&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product: { name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product_id: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81?arch=s390x&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product: { name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product_id: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa?arch=s390x&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product: { name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product_id: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8?arch=s390x&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product: { name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product_id: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2?arch=s390x&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product: { name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product_id: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa?arch=s390x&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product: { name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product_id: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158?arch=s390x&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product: { name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product_id: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661?arch=s390x&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", }, product_reference: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", }, product_reference: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", }, product_reference: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", }, product_reference: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", }, product_reference: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", }, product_reference: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", }, product_reference: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", }, product_reference: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", }, product_reference: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", }, product_reference: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", }, product_reference: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", }, product_reference: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", }, product_reference: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", }, product_reference: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", }, product_reference: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", }, product_reference: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", }, product_reference: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", }, product_reference: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", }, product_reference: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", }, product_reference: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", }, product_reference: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", }, product_reference: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", }, product_reference: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", }, product_reference: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", }, product_reference: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-0341", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2154086", }, ], notes: [ { category: "description", text: "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069", title: "Vulnerability description", }, { category: "summary", text: "okhttp: information disclosure via improperly used cryptographic function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-0341", }, { category: "external", summary: "RHBZ#2154086", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2154086", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-0341", url: "https://www.cve.org/CVERecord?id=CVE-2021-0341", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-0341", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-0341", }, { category: "external", summary: "https://source.android.com/security/bulletin/2021-02-01", url: "https://source.android.com/security/bulletin/2021-02-01", }, ], release_date: "2021-02-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "okhttp: information disclosure via improperly used cryptographic function", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-248", name: "Uncaught Exception", }, discovery_date: "2023-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2229295", }, ], notes: [ { category: "description", text: "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "okio: GzipSource class improper exception handling", title: "Vulnerability summary", }, { category: "other", text: "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it's used by Dekorate during compilation process and not included in the resulting Jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3635", }, { category: "external", summary: "RHBZ#2229295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2229295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3635", url: "https://www.cve.org/CVERecord?id=CVE-2023-3635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3635", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3635", }, ], release_date: "2023-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "okio: GzipSource class improper exception handling", }, { cve: "CVE-2024-6345", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2024-07-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2297771", }, ], notes: [ { category: "description", text: "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", title: "Vulnerability description", }, { category: "summary", text: "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-6345", }, { category: "external", summary: "RHBZ#2297771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2297771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-6345", url: "https://www.cve.org/CVERecord?id=CVE-2024-6345", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", }, { category: "external", summary: "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", url: "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", }, { category: "external", summary: "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", url: "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", }, ], release_date: "2024-07-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", }, { cve: "CVE-2024-22234", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-02-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265172", }, ], notes: [ { category: "description", text: "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.", title: "Vulnerability description", }, { category: "summary", text: "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22234", }, { category: "external", summary: "RHBZ#2265172", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265172", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22234", url: "https://www.cve.org/CVERecord?id=CVE-2024-22234", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22234", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22234", }, { category: "external", summary: "https://spring.io/security/cve-2024-22234", url: "https://spring.io/security/cve-2024-22234", }, ], release_date: "2024-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated", }, { cve: "CVE-2024-30260", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2024-04-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273522", }, ], notes: [ { category: "description", text: "A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "RHBZ#2273522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273522", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30260", url: "https://www.cve.org/CVERecord?id=CVE-2024-30260", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30260", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30260", }, ], release_date: "2024-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", }, { cve: "CVE-2024-30261", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-04-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273519", }, ], notes: [ { category: "description", text: "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30261", }, { category: "external", summary: "RHBZ#2273519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30261", url: "https://www.cve.org/CVERecord?id=CVE-2024-30261", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30261", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30261", }, ], release_date: "2024-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
rhsa-2024:6667
Vulnerability from csaf_redhat
Published
2024-09-12 21:30
Modified
2025-03-26 10:57
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.16 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Dev Spaces 3.16 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6667", url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "CRW-6868", url: "https://issues.redhat.com/browse/CRW-6868", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6667.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release", tracking: { current_release_date: "2025-03-26T10:57:52+00:00", generator: { date: "2025-03-26T10:57:52+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2024:6667", initial_release_date: "2024-09-12T21:30:49+00:00", revision_history: [ { date: "2024-09-12T21:30:49+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-12T21:30:49+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-26T10:57:52+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Dev Spaces 3", product: { name: "Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_devspaces:3::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Dev Spaces", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product: { name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product_id: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4?arch=amd64&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product: { name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product_id: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64?arch=amd64&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product: { name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product_id: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09?arch=amd64&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product: { name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product_id: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b?arch=amd64&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product: { name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product_id: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product_identification_helper: { purl: "pkg:oci/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512?arch=amd64&repository_url=registry.redhat.io/devspaces/idea-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product: { name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product_id: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c?arch=amd64&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product: { name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product_id: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724?arch=amd64&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product: { name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product_id: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba?arch=amd64&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product: { name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product_id: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639?arch=amd64&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product: { name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product_id: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3?arch=amd64&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product: { name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product_id: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235?arch=amd64&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product: { name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product_id: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a?arch=amd64&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product: { name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product_id: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef?arch=amd64&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product: { name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product_id: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e?arch=ppc64le&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product: { name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product_id: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8?arch=ppc64le&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product: { name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product_id: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6?arch=ppc64le&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product: { name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product_id: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product: { name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product_id: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244?arch=ppc64le&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product: { name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product_id: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7?arch=ppc64le&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product: { name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product_id: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product: { name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product_id: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16?arch=ppc64le&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product: { name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product_id: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product: { name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product_id: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67?arch=ppc64le&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product: { name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product_id: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64?arch=ppc64le&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product: { name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product_id: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef?arch=ppc64le&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product: { name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product_id: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612?arch=s390x&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product: { name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product_id: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af?arch=s390x&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product: { name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product_id: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b?arch=s390x&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product: { name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product_id: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936?arch=s390x&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product: { name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product_id: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a?arch=s390x&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product: { name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product_id: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81?arch=s390x&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product: { name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product_id: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa?arch=s390x&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product: { name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product_id: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8?arch=s390x&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product: { name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product_id: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2?arch=s390x&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product: { name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product_id: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa?arch=s390x&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product: { name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product_id: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158?arch=s390x&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product: { name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product_id: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661?arch=s390x&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", }, product_reference: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", }, product_reference: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", }, product_reference: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", }, product_reference: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", }, product_reference: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", }, product_reference: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", }, product_reference: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", }, product_reference: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", }, product_reference: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", }, product_reference: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", }, product_reference: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", }, product_reference: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", }, product_reference: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", }, product_reference: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", }, product_reference: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", }, product_reference: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", }, product_reference: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", }, product_reference: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", }, product_reference: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", }, product_reference: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", }, product_reference: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", }, product_reference: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", }, product_reference: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", }, product_reference: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", }, product_reference: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-0341", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2154086", }, ], notes: [ { category: "description", text: "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069", title: "Vulnerability description", }, { category: "summary", text: "okhttp: information disclosure via improperly used cryptographic function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-0341", }, { category: "external", summary: "RHBZ#2154086", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2154086", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-0341", url: "https://www.cve.org/CVERecord?id=CVE-2021-0341", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-0341", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-0341", }, { category: "external", summary: "https://source.android.com/security/bulletin/2021-02-01", url: "https://source.android.com/security/bulletin/2021-02-01", }, ], release_date: "2021-02-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "okhttp: information disclosure via improperly used cryptographic function", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-248", name: "Uncaught Exception", }, discovery_date: "2023-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2229295", }, ], notes: [ { category: "description", text: "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "okio: GzipSource class improper exception handling", title: "Vulnerability summary", }, { category: "other", text: "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it's used by Dekorate during compilation process and not included in the resulting Jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3635", }, { category: "external", summary: "RHBZ#2229295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2229295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3635", url: "https://www.cve.org/CVERecord?id=CVE-2023-3635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3635", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3635", }, ], release_date: "2023-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "okio: GzipSource class improper exception handling", }, { cve: "CVE-2024-6345", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2024-07-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2297771", }, ], notes: [ { category: "description", text: "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", title: "Vulnerability description", }, { category: "summary", text: "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-6345", }, { category: "external", summary: "RHBZ#2297771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2297771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-6345", url: "https://www.cve.org/CVERecord?id=CVE-2024-6345", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", }, { category: "external", summary: "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", url: "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", }, { category: "external", summary: "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", url: "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", }, ], release_date: "2024-07-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", }, { cve: "CVE-2024-22234", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-02-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265172", }, ], notes: [ { category: "description", text: "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.", title: "Vulnerability description", }, { category: "summary", text: "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22234", }, { category: "external", summary: "RHBZ#2265172", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265172", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22234", url: "https://www.cve.org/CVERecord?id=CVE-2024-22234", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22234", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22234", }, { category: "external", summary: "https://spring.io/security/cve-2024-22234", url: "https://spring.io/security/cve-2024-22234", }, ], release_date: "2024-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated", }, { cve: "CVE-2024-30260", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2024-04-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273522", }, ], notes: [ { category: "description", text: "A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "RHBZ#2273522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273522", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30260", url: "https://www.cve.org/CVERecord?id=CVE-2024-30260", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30260", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30260", }, ], release_date: "2024-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", }, { cve: "CVE-2024-30261", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-04-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273519", }, ], notes: [ { category: "description", text: "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30261", }, { category: "external", summary: "RHBZ#2273519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30261", url: "https://www.cve.org/CVERecord?id=CVE-2024-30261", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30261", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30261", }, ], release_date: "2024-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
rhsa-2024_6667
Vulnerability from csaf_redhat
Published
2024-09-12 21:30
Modified
2024-12-18 05:26
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.16 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#crw
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat OpenShift Dev Spaces 3.16 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.", title: "Topic", }, { category: "general", text: "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2024:6667", url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#important", url: "https://access.redhat.com/security/updates/classification/#important", }, { category: "external", summary: "CRW-6868", url: "https://issues.redhat.com/browse/CRW-6868", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6667.json", }, ], title: "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release", tracking: { current_release_date: "2024-12-18T05:26:37+00:00", generator: { date: "2024-12-18T05:26:37+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.3", }, }, id: "RHSA-2024:6667", initial_release_date: "2024-09-12T21:30:49+00:00", revision_history: [ { date: "2024-09-12T21:30:49+00:00", number: "1", summary: "Initial version", }, { date: "2024-09-12T21:30:49+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-18T05:26:37+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat OpenShift Dev Spaces 3", product: { name: "Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3", product_identification_helper: { cpe: "cpe:/a:redhat:openshift_devspaces:3::el8", }, }, }, ], category: "product_family", name: "Red Hat OpenShift Dev Spaces", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product: { name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product_id: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4?arch=amd64&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product: { name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product_id: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64?arch=amd64&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product: { name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product_id: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09?arch=amd64&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product: { name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product_id: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b?arch=amd64&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product: { name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product_id: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", product_identification_helper: { purl: "pkg:oci/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512?arch=amd64&repository_url=registry.redhat.io/devspaces/idea-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product: { name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product_id: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c?arch=amd64&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product: { name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product_id: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724?arch=amd64&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product: { name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product_id: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba?arch=amd64&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product: { name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product_id: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639?arch=amd64&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product: { name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product_id: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3?arch=amd64&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product: { name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product_id: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235?arch=amd64&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product: { name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product_id: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a?arch=amd64&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product: { name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product_id: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef?arch=amd64&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "amd64", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product: { name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product_id: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e?arch=ppc64le&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product: { name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product_id: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8?arch=ppc64le&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product: { name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product_id: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6?arch=ppc64le&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product: { name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product_id: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product: { name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product_id: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244?arch=ppc64le&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product: { name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product_id: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7?arch=ppc64le&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product: { name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product_id: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product: { name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product_id: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16?arch=ppc64le&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product: { name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product_id: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433?arch=ppc64le&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product: { name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product_id: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67?arch=ppc64le&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product: { name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product_id: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64?arch=ppc64le&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product: { name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product_id: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef?arch=ppc64le&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product: { name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product_id: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", product_identification_helper: { purl: "pkg:oci/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612?arch=s390x&repository_url=registry.redhat.io/devspaces/code-rhel8&tag=3.16-20", }, }, }, { category: "product_version", name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product: { name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product_id: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", product_identification_helper: { purl: "pkg:oci/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af?arch=s390x&repository_url=registry.redhat.io/devspaces/configbump-rhel8&tag=3.16-4", }, }, }, { category: "product_version", name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product: { name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product_id: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", product_identification_helper: { purl: "pkg:oci/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b?arch=s390x&repository_url=registry.redhat.io/devspaces/dashboard-rhel8&tag=3.16-27", }, }, }, { category: "product_version", name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product: { name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product_id: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", product_identification_helper: { purl: "pkg:oci/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936?arch=s390x&repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8&tag=3.16-67", }, }, }, { category: "product_version", name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product: { name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product_id: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", product_identification_helper: { purl: "pkg:oci/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a?arch=s390x&repository_url=registry.redhat.io/devspaces/imagepuller-rhel8&tag=3.16-3", }, }, }, { category: "product_version", name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product: { name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product_id: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", product_identification_helper: { purl: "pkg:oci/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81?arch=s390x&repository_url=registry.redhat.io/devspaces/machineexec-rhel8&tag=3.16-6", }, }, }, { category: "product_version", name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product: { name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product_id: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", product_identification_helper: { purl: "pkg:oci/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa?arch=s390x&repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle&tag=3.16-70", }, }, }, { category: "product_version", name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product: { name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product_id: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", product_identification_helper: { purl: "pkg:oci/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8?arch=s390x&repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8&tag=3.16-16", }, }, }, { category: "product_version", name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product: { name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product_id: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", product_identification_helper: { purl: "pkg:oci/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2?arch=s390x&repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator&tag=3.16-11", }, }, }, { category: "product_version", name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product: { name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product_id: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", product_identification_helper: { purl: "pkg:oci/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa?arch=s390x&repository_url=registry.redhat.io/devspaces/server-rhel8&tag=3.16-14", }, }, }, { category: "product_version", name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product: { name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product_id: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", product_identification_helper: { purl: "pkg:oci/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158?arch=s390x&repository_url=registry.redhat.io/devspaces/traefik-rhel8&tag=3.16-2", }, }, }, { category: "product_version", name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product: { name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product_id: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", product_identification_helper: { purl: "pkg:oci/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661?arch=s390x&repository_url=registry.redhat.io/devspaces/udi-rhel8&tag=3.16-6", }, }, }, ], category: "architecture", name: "s390x", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", }, product_reference: "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", }, product_reference: "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", }, product_reference: "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", }, product_reference: "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", }, product_reference: "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", }, product_reference: "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", }, product_reference: "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", }, product_reference: "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", }, product_reference: "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", }, product_reference: "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", }, product_reference: "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", }, product_reference: "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", }, product_reference: "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", }, product_reference: "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", }, product_reference: "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", }, product_reference: "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", }, product_reference: "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", }, product_reference: "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", }, product_reference: "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", }, product_reference: "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", }, product_reference: "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", }, product_reference: "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", }, product_reference: "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", }, product_reference: "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", }, product_reference: "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", }, product_reference: "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", }, product_reference: "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", }, product_reference: "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", relates_to_product_reference: "8Base-RHOSDS-3", }, { category: "default_component_of", full_product_name: { name: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3", product_id: "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", }, product_reference: "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", relates_to_product_reference: "8Base-RHOSDS-3", }, ], }, vulnerabilities: [ { cve: "CVE-2021-0341", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2022-10-13T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2154086", }, ], notes: [ { category: "description", text: "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069", title: "Vulnerability description", }, { category: "summary", text: "okhttp: information disclosure via improperly used cryptographic function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2021-0341", }, { category: "external", summary: "RHBZ#2154086", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2154086", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2021-0341", url: "https://www.cve.org/CVERecord?id=CVE-2021-0341", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2021-0341", url: "https://nvd.nist.gov/vuln/detail/CVE-2021-0341", }, { category: "external", summary: "https://source.android.com/security/bulletin/2021-02-01", url: "https://source.android.com/security/bulletin/2021-02-01", }, ], release_date: "2021-02-10T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "okhttp: information disclosure via improperly used cryptographic function", }, { cve: "CVE-2023-3635", cwe: { id: "CWE-248", name: "Uncaught Exception", }, discovery_date: "2023-07-12T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2229295", }, ], notes: [ { category: "description", text: "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).", title: "Vulnerability description", }, { category: "summary", text: "okio: GzipSource class improper exception handling", title: "Vulnerability summary", }, { category: "other", text: "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it's used by Dekorate during compilation process and not included in the resulting Jar.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-3635", }, { category: "external", summary: "RHBZ#2229295", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2229295", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-3635", url: "https://www.cve.org/CVERecord?id=CVE-2023-3635", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-3635", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-3635", }, ], release_date: "2023-07-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "okio: GzipSource class improper exception handling", }, { cve: "CVE-2024-6345", cwe: { id: "CWE-94", name: "Improper Control of Generation of Code ('Code Injection')", }, discovery_date: "2024-07-15T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2297771", }, ], notes: [ { category: "description", text: "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.", title: "Vulnerability description", }, { category: "summary", text: "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", title: "Vulnerability summary", }, { category: "other", text: "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-6345", }, { category: "external", summary: "RHBZ#2297771", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2297771", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-6345", url: "https://www.cve.org/CVERecord?id=CVE-2024-6345", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-6345", }, { category: "external", summary: "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", url: "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0", }, { category: "external", summary: "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", url: "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5", }, ], release_date: "2024-07-15T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools", }, { cve: "CVE-2024-22234", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-02-20T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2265172", }, ], notes: [ { category: "description", text: "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.", title: "Vulnerability description", }, { category: "summary", text: "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated", title: "Vulnerability summary", }, { category: "other", text: "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-22234", }, { category: "external", summary: "RHBZ#2265172", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2265172", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-22234", url: "https://www.cve.org/CVERecord?id=CVE-2024-22234", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-22234", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-22234", }, { category: "external", summary: "https://spring.io/security/cve-2024-22234", url: "https://spring.io/security/cve-2024-22234", }, ], release_date: "2024-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated", }, { cve: "CVE-2024-30260", cwe: { id: "CWE-285", name: "Improper Authorization", }, discovery_date: "2024-04-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273522", }, ], notes: [ { category: "description", text: "A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "RHBZ#2273522", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273522", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30260", url: "https://www.cve.org/CVERecord?id=CVE-2024-30260", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30260", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30260", }, ], release_date: "2024-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", }, { cve: "CVE-2024-30261", cwe: { id: "CWE-284", name: "Improper Access Control", }, discovery_date: "2024-04-04T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2273519", }, ], notes: [ { category: "description", text: "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-30261", }, { category: "external", summary: "RHBZ#2273519", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2273519", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-30261", url: "https://www.cve.org/CVERecord?id=CVE-2024-30261", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-30261", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30261", }, ], release_date: "2024-04-04T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 2.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect", }, { cve: "CVE-2024-39338", cwe: { id: "CWE-918", name: "Server-Side Request Forgery (SSRF)", }, discovery_date: "2024-08-13T17:21:32.774718+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2304369", }, ], notes: [ { category: "description", text: "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.", title: "Vulnerability description", }, { category: "summary", text: "axios: axios: Server-Side Request Forgery", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], known_not_affected: [ "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-39338", }, { category: "external", summary: "RHBZ#2304369", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2304369", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-39338", url: "https://www.cve.org/CVERecord?id=CVE-2024-39338", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39338", }, { category: "external", summary: "https://github.com/axios/axios/releases", url: "https://github.com/axios/axios/releases", }, { category: "external", summary: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", url: "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html", }, ], release_date: "2024-08-12T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-09-12T21:30:49+00:00", details: "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2024:6667", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64", "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64", "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x", "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le", "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x", "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le", "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64", "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le", "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le", "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x", "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64", "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64", "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x", "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "axios: axios: Server-Side Request Forgery", }, ], }
opensuse-su-2024:13850-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
nodejs-electron-28.2.10-2.1 on GA media
Notes
Title of the patch
nodejs-electron-28.2.10-2.1 on GA media
Description of the patch
These are all security issues fixed in the nodejs-electron-28.2.10-2.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13850
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "nodejs-electron-28.2.10-2.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the nodejs-electron-28.2.10-2.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13850", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13850-1.json", }, { category: "self", summary: "SUSE CVE CVE-2024-30260 page", url: "https://www.suse.com/security/cve/CVE-2024-30260/", }, ], title: "nodejs-electron-28.2.10-2.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13850-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "nodejs-electron-28.2.10-2.1.aarch64", product: { name: "nodejs-electron-28.2.10-2.1.aarch64", product_id: "nodejs-electron-28.2.10-2.1.aarch64", }, }, { category: "product_version", name: "nodejs-electron-devel-28.2.10-2.1.aarch64", product: { name: "nodejs-electron-devel-28.2.10-2.1.aarch64", product_id: "nodejs-electron-devel-28.2.10-2.1.aarch64", }, }, { category: "product_version", name: "nodejs-electron-doc-28.2.10-2.1.aarch64", product: { name: "nodejs-electron-doc-28.2.10-2.1.aarch64", product_id: "nodejs-electron-doc-28.2.10-2.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "nodejs-electron-28.2.10-2.1.ppc64le", product: { name: "nodejs-electron-28.2.10-2.1.ppc64le", product_id: "nodejs-electron-28.2.10-2.1.ppc64le", }, }, { category: "product_version", name: "nodejs-electron-devel-28.2.10-2.1.ppc64le", product: { name: "nodejs-electron-devel-28.2.10-2.1.ppc64le", product_id: "nodejs-electron-devel-28.2.10-2.1.ppc64le", }, }, { category: "product_version", name: "nodejs-electron-doc-28.2.10-2.1.ppc64le", product: { name: "nodejs-electron-doc-28.2.10-2.1.ppc64le", product_id: "nodejs-electron-doc-28.2.10-2.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "nodejs-electron-28.2.10-2.1.s390x", product: { name: "nodejs-electron-28.2.10-2.1.s390x", product_id: "nodejs-electron-28.2.10-2.1.s390x", }, }, { category: "product_version", name: "nodejs-electron-devel-28.2.10-2.1.s390x", product: { name: "nodejs-electron-devel-28.2.10-2.1.s390x", product_id: "nodejs-electron-devel-28.2.10-2.1.s390x", }, }, { category: "product_version", name: "nodejs-electron-doc-28.2.10-2.1.s390x", product: { name: "nodejs-electron-doc-28.2.10-2.1.s390x", product_id: "nodejs-electron-doc-28.2.10-2.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "nodejs-electron-28.2.10-2.1.x86_64", product: { name: "nodejs-electron-28.2.10-2.1.x86_64", product_id: "nodejs-electron-28.2.10-2.1.x86_64", }, }, { category: "product_version", name: "nodejs-electron-devel-28.2.10-2.1.x86_64", product: { name: "nodejs-electron-devel-28.2.10-2.1.x86_64", product_id: "nodejs-electron-devel-28.2.10-2.1.x86_64", }, }, { category: "product_version", name: "nodejs-electron-doc-28.2.10-2.1.x86_64", product: { name: "nodejs-electron-doc-28.2.10-2.1.x86_64", product_id: "nodejs-electron-doc-28.2.10-2.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nodejs-electron-28.2.10-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.aarch64", }, product_reference: "nodejs-electron-28.2.10-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-28.2.10-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.ppc64le", }, product_reference: "nodejs-electron-28.2.10-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-28.2.10-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.s390x", }, product_reference: "nodejs-electron-28.2.10-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-28.2.10-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.x86_64", }, product_reference: "nodejs-electron-28.2.10-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-devel-28.2.10-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.aarch64", }, product_reference: "nodejs-electron-devel-28.2.10-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-devel-28.2.10-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.ppc64le", }, product_reference: "nodejs-electron-devel-28.2.10-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-devel-28.2.10-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.s390x", }, product_reference: "nodejs-electron-devel-28.2.10-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-devel-28.2.10-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.x86_64", }, product_reference: "nodejs-electron-devel-28.2.10-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-doc-28.2.10-2.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.aarch64", }, product_reference: "nodejs-electron-doc-28.2.10-2.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-doc-28.2.10-2.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.ppc64le", }, product_reference: "nodejs-electron-doc-28.2.10-2.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-doc-28.2.10-2.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.s390x", }, product_reference: "nodejs-electron-doc-28.2.10-2.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs-electron-doc-28.2.10-2.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.x86_64", }, product_reference: "nodejs-electron-doc-28.2.10-2.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-30260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30260", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.x86_64", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.x86_64", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30260", url: "https://www.suse.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "SUSE Bug 1222530 for CVE-2024-30260", url: "https://bugzilla.suse.com/1222530", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.x86_64", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.x86_64", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-28.2.10-2.1.x86_64", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-devel-28.2.10-2.1.x86_64", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.aarch64", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.ppc64le", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.s390x", "openSUSE Tumbleweed:nodejs-electron-doc-28.2.10-2.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2024-30260", }, ], }
opensuse-su-2024:13852-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
corepack21-21.7.2-1.1 on GA media
Notes
Title of the patch
corepack21-21.7.2-1.1 on GA media
Description of the patch
These are all security issues fixed in the corepack21-21.7.2-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13852
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "corepack21-21.7.2-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the corepack21-21.7.2-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13852", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13852-1.json", }, { category: "self", summary: "SUSE CVE CVE-2024-27982 page", url: "https://www.suse.com/security/cve/CVE-2024-27982/", }, { category: "self", summary: "SUSE CVE CVE-2024-27983 page", url: "https://www.suse.com/security/cve/CVE-2024-27983/", }, { category: "self", summary: "SUSE CVE CVE-2024-30260 page", url: "https://www.suse.com/security/cve/CVE-2024-30260/", }, ], title: "corepack21-21.7.2-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13852-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "corepack21-21.7.2-1.1.aarch64", product: { name: "corepack21-21.7.2-1.1.aarch64", product_id: "corepack21-21.7.2-1.1.aarch64", }, }, { category: "product_version", name: "nodejs21-21.7.2-1.1.aarch64", product: { name: "nodejs21-21.7.2-1.1.aarch64", product_id: "nodejs21-21.7.2-1.1.aarch64", }, }, { category: "product_version", name: "nodejs21-devel-21.7.2-1.1.aarch64", product: { name: "nodejs21-devel-21.7.2-1.1.aarch64", product_id: "nodejs21-devel-21.7.2-1.1.aarch64", }, }, { category: "product_version", name: "nodejs21-docs-21.7.2-1.1.aarch64", product: { name: "nodejs21-docs-21.7.2-1.1.aarch64", product_id: "nodejs21-docs-21.7.2-1.1.aarch64", }, }, { category: "product_version", name: "npm21-21.7.2-1.1.aarch64", product: { name: "npm21-21.7.2-1.1.aarch64", product_id: "npm21-21.7.2-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "corepack21-21.7.2-1.1.ppc64le", product: { name: "corepack21-21.7.2-1.1.ppc64le", product_id: "corepack21-21.7.2-1.1.ppc64le", }, }, { category: "product_version", name: "nodejs21-21.7.2-1.1.ppc64le", product: { name: "nodejs21-21.7.2-1.1.ppc64le", product_id: "nodejs21-21.7.2-1.1.ppc64le", }, }, { category: "product_version", name: "nodejs21-devel-21.7.2-1.1.ppc64le", product: { name: "nodejs21-devel-21.7.2-1.1.ppc64le", product_id: "nodejs21-devel-21.7.2-1.1.ppc64le", }, }, { category: "product_version", name: "nodejs21-docs-21.7.2-1.1.ppc64le", product: { name: "nodejs21-docs-21.7.2-1.1.ppc64le", product_id: "nodejs21-docs-21.7.2-1.1.ppc64le", }, }, { category: "product_version", name: "npm21-21.7.2-1.1.ppc64le", product: { name: "npm21-21.7.2-1.1.ppc64le", product_id: "npm21-21.7.2-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "corepack21-21.7.2-1.1.s390x", product: { name: "corepack21-21.7.2-1.1.s390x", product_id: "corepack21-21.7.2-1.1.s390x", }, }, { category: "product_version", name: "nodejs21-21.7.2-1.1.s390x", product: { name: "nodejs21-21.7.2-1.1.s390x", product_id: "nodejs21-21.7.2-1.1.s390x", }, }, { category: "product_version", name: "nodejs21-devel-21.7.2-1.1.s390x", product: { name: "nodejs21-devel-21.7.2-1.1.s390x", product_id: "nodejs21-devel-21.7.2-1.1.s390x", }, }, { category: "product_version", name: "nodejs21-docs-21.7.2-1.1.s390x", product: { name: "nodejs21-docs-21.7.2-1.1.s390x", product_id: "nodejs21-docs-21.7.2-1.1.s390x", }, }, { category: "product_version", name: "npm21-21.7.2-1.1.s390x", product: { name: "npm21-21.7.2-1.1.s390x", product_id: "npm21-21.7.2-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "corepack21-21.7.2-1.1.x86_64", product: { name: "corepack21-21.7.2-1.1.x86_64", product_id: "corepack21-21.7.2-1.1.x86_64", }, }, { category: "product_version", name: "nodejs21-21.7.2-1.1.x86_64", product: { name: "nodejs21-21.7.2-1.1.x86_64", product_id: "nodejs21-21.7.2-1.1.x86_64", }, }, { category: "product_version", name: "nodejs21-devel-21.7.2-1.1.x86_64", product: { name: "nodejs21-devel-21.7.2-1.1.x86_64", product_id: "nodejs21-devel-21.7.2-1.1.x86_64", }, }, { category: "product_version", name: "nodejs21-docs-21.7.2-1.1.x86_64", product: { name: "nodejs21-docs-21.7.2-1.1.x86_64", product_id: "nodejs21-docs-21.7.2-1.1.x86_64", }, }, { category: "product_version", name: "npm21-21.7.2-1.1.x86_64", product: { name: "npm21-21.7.2-1.1.x86_64", product_id: "npm21-21.7.2-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "corepack21-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", }, product_reference: "corepack21-21.7.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "corepack21-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", }, product_reference: "corepack21-21.7.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "corepack21-21.7.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", }, product_reference: "corepack21-21.7.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "corepack21-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", }, product_reference: "corepack21-21.7.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", }, product_reference: "nodejs21-21.7.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", }, product_reference: "nodejs21-21.7.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-21.7.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", }, product_reference: "nodejs21-21.7.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", }, product_reference: "nodejs21-21.7.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-devel-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", }, product_reference: "nodejs21-devel-21.7.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-devel-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", }, product_reference: "nodejs21-devel-21.7.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-devel-21.7.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", }, product_reference: "nodejs21-devel-21.7.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-devel-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", }, product_reference: "nodejs21-devel-21.7.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-docs-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", }, product_reference: "nodejs21-docs-21.7.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-docs-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", }, product_reference: "nodejs21-docs-21.7.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-docs-21.7.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", }, product_reference: "nodejs21-docs-21.7.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs21-docs-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", }, product_reference: "nodejs21-docs-21.7.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "npm21-21.7.2-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", }, product_reference: "npm21-21.7.2-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "npm21-21.7.2-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", }, product_reference: "npm21-21.7.2-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "npm21-21.7.2-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", }, product_reference: "npm21-21.7.2-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "npm21-21.7.2-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", }, product_reference: "npm21-21.7.2-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-27982", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27982", }, ], notes: [ { category: "general", text: "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27982", url: "https://www.suse.com/security/cve/CVE-2024-27982", }, { category: "external", summary: "SUSE Bug 1222384 for CVE-2024-27982", url: "https://bugzilla.suse.com/1222384", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-27982", }, { cve: "CVE-2024-27983", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27983", }, ], notes: [ { category: "general", text: "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27983", url: "https://www.suse.com/security/cve/CVE-2024-27983", }, { category: "external", summary: "SUSE Bug 1222244 for CVE-2024-27983", url: "https://bugzilla.suse.com/1222244", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-30260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30260", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30260", url: "https://www.suse.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "SUSE Bug 1222530 for CVE-2024-30260", url: "https://bugzilla.suse.com/1222530", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:corepack21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:corepack21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-devel-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.s390x", "openSUSE Tumbleweed:nodejs21-docs-21.7.2-1.1.x86_64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.aarch64", "openSUSE Tumbleweed:npm21-21.7.2-1.1.ppc64le", "openSUSE Tumbleweed:npm21-21.7.2-1.1.s390x", "openSUSE Tumbleweed:npm21-21.7.2-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2024-30260", }, ], }
opensuse-su-2024:13851-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
corepack20-20.12.1-1.1 on GA media
Notes
Title of the patch
corepack20-20.12.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the corepack20-20.12.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13851
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "corepack20-20.12.1-1.1 on GA media", title: "Title of the patch", }, { category: "description", text: "These are all security issues fixed in the corepack20-20.12.1-1.1 package on the GA media of openSUSE Tumbleweed.", title: "Description of the patch", }, { category: "details", text: "openSUSE-Tumbleweed-2024-13851", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13851-1.json", }, { category: "self", summary: "SUSE CVE CVE-2024-27982 page", url: "https://www.suse.com/security/cve/CVE-2024-27982/", }, { category: "self", summary: "SUSE CVE CVE-2024-27983 page", url: "https://www.suse.com/security/cve/CVE-2024-27983/", }, { category: "self", summary: "SUSE CVE CVE-2024-30260 page", url: "https://www.suse.com/security/cve/CVE-2024-30260/", }, ], title: "corepack20-20.12.1-1.1 on GA media", tracking: { current_release_date: "2024-06-15T00:00:00Z", generator: { date: "2024-06-15T00:00:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2024:13851-1", initial_release_date: "2024-06-15T00:00:00Z", revision_history: [ { date: "2024-06-15T00:00:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "corepack20-20.12.1-1.1.aarch64", product: { name: "corepack20-20.12.1-1.1.aarch64", product_id: "corepack20-20.12.1-1.1.aarch64", }, }, { category: "product_version", name: "nodejs20-20.12.1-1.1.aarch64", product: { name: "nodejs20-20.12.1-1.1.aarch64", product_id: "nodejs20-20.12.1-1.1.aarch64", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-1.1.aarch64", product: { name: "nodejs20-devel-20.12.1-1.1.aarch64", product_id: "nodejs20-devel-20.12.1-1.1.aarch64", }, }, { category: "product_version", name: "nodejs20-docs-20.12.1-1.1.aarch64", product: { name: "nodejs20-docs-20.12.1-1.1.aarch64", product_id: "nodejs20-docs-20.12.1-1.1.aarch64", }, }, { category: "product_version", name: "npm20-20.12.1-1.1.aarch64", product: { name: "npm20-20.12.1-1.1.aarch64", product_id: "npm20-20.12.1-1.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "corepack20-20.12.1-1.1.ppc64le", product: { name: "corepack20-20.12.1-1.1.ppc64le", product_id: "corepack20-20.12.1-1.1.ppc64le", }, }, { category: "product_version", name: "nodejs20-20.12.1-1.1.ppc64le", product: { name: "nodejs20-20.12.1-1.1.ppc64le", product_id: "nodejs20-20.12.1-1.1.ppc64le", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-1.1.ppc64le", product: { name: "nodejs20-devel-20.12.1-1.1.ppc64le", product_id: "nodejs20-devel-20.12.1-1.1.ppc64le", }, }, { category: "product_version", name: "nodejs20-docs-20.12.1-1.1.ppc64le", product: { name: "nodejs20-docs-20.12.1-1.1.ppc64le", product_id: "nodejs20-docs-20.12.1-1.1.ppc64le", }, }, { category: "product_version", name: "npm20-20.12.1-1.1.ppc64le", product: { name: "npm20-20.12.1-1.1.ppc64le", product_id: "npm20-20.12.1-1.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "corepack20-20.12.1-1.1.s390x", product: { name: "corepack20-20.12.1-1.1.s390x", product_id: "corepack20-20.12.1-1.1.s390x", }, }, { category: "product_version", name: "nodejs20-20.12.1-1.1.s390x", product: { name: "nodejs20-20.12.1-1.1.s390x", product_id: "nodejs20-20.12.1-1.1.s390x", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-1.1.s390x", product: { name: "nodejs20-devel-20.12.1-1.1.s390x", product_id: "nodejs20-devel-20.12.1-1.1.s390x", }, }, { category: "product_version", name: "nodejs20-docs-20.12.1-1.1.s390x", product: { name: "nodejs20-docs-20.12.1-1.1.s390x", product_id: "nodejs20-docs-20.12.1-1.1.s390x", }, }, { category: "product_version", name: "npm20-20.12.1-1.1.s390x", product: { name: "npm20-20.12.1-1.1.s390x", product_id: "npm20-20.12.1-1.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "corepack20-20.12.1-1.1.x86_64", product: { name: "corepack20-20.12.1-1.1.x86_64", product_id: "corepack20-20.12.1-1.1.x86_64", }, }, { category: "product_version", name: "nodejs20-20.12.1-1.1.x86_64", product: { name: "nodejs20-20.12.1-1.1.x86_64", product_id: "nodejs20-20.12.1-1.1.x86_64", }, }, { category: "product_version", name: "nodejs20-devel-20.12.1-1.1.x86_64", product: { name: "nodejs20-devel-20.12.1-1.1.x86_64", product_id: "nodejs20-devel-20.12.1-1.1.x86_64", }, }, { category: "product_version", name: "nodejs20-docs-20.12.1-1.1.x86_64", product: { name: "nodejs20-docs-20.12.1-1.1.x86_64", product_id: "nodejs20-docs-20.12.1-1.1.x86_64", }, }, { category: "product_version", name: "npm20-20.12.1-1.1.x86_64", product: { name: "npm20-20.12.1-1.1.x86_64", product_id: "npm20-20.12.1-1.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "openSUSE Tumbleweed", product: { name: "openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed", product_identification_helper: { cpe: "cpe:/o:opensuse:tumbleweed", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "corepack20-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", }, product_reference: "corepack20-20.12.1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "corepack20-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", }, product_reference: "corepack20-20.12.1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "corepack20-20.12.1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", }, product_reference: "corepack20-20.12.1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "corepack20-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", }, product_reference: "corepack20-20.12.1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", }, product_reference: "nodejs20-20.12.1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", }, product_reference: "nodejs20-20.12.1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", }, product_reference: "nodejs20-20.12.1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", }, product_reference: "nodejs20-20.12.1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", }, product_reference: "nodejs20-devel-20.12.1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", }, product_reference: "nodejs20-devel-20.12.1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", }, product_reference: "nodejs20-devel-20.12.1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-devel-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", }, product_reference: "nodejs20-devel-20.12.1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-docs-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", }, product_reference: "nodejs20-docs-20.12.1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-docs-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", }, product_reference: "nodejs20-docs-20.12.1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-docs-20.12.1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", }, product_reference: "nodejs20-docs-20.12.1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "nodejs20-docs-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", }, product_reference: "nodejs20-docs-20.12.1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-1.1.aarch64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", }, product_reference: "npm20-20.12.1-1.1.aarch64", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-1.1.ppc64le as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", }, product_reference: "npm20-20.12.1-1.1.ppc64le", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-1.1.s390x as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", }, product_reference: "npm20-20.12.1-1.1.s390x", relates_to_product_reference: "openSUSE Tumbleweed", }, { category: "default_component_of", full_product_name: { name: "npm20-20.12.1-1.1.x86_64 as component of openSUSE Tumbleweed", product_id: "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", }, product_reference: "npm20-20.12.1-1.1.x86_64", relates_to_product_reference: "openSUSE Tumbleweed", }, ], }, vulnerabilities: [ { cve: "CVE-2024-27982", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27982", }, ], notes: [ { category: "general", text: "The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27982", url: "https://www.suse.com/security/cve/CVE-2024-27982", }, { category: "external", summary: "SUSE Bug 1222384 for CVE-2024-27982", url: "https://bugzilla.suse.com/1222384", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "moderate", }, ], title: "CVE-2024-27982", }, { cve: "CVE-2024-27983", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-27983", }, ], notes: [ { category: "general", text: "An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-27983", url: "https://www.suse.com/security/cve/CVE-2024-27983", }, { category: "external", summary: "SUSE Bug 1222244 for CVE-2024-27983", url: "https://bugzilla.suse.com/1222244", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "important", }, ], title: "CVE-2024-27983", }, { cve: "CVE-2024-30260", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2024-30260", }, ], notes: [ { category: "general", text: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", title: "CVE description", }, ], product_status: { recommended: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2024-30260", url: "https://www.suse.com/security/cve/CVE-2024-30260", }, { category: "external", summary: "SUSE Bug 1222530 for CVE-2024-30260", url: "https://bugzilla.suse.com/1222530", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.1, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "openSUSE Tumbleweed:corepack20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:corepack20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-devel-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.s390x", "openSUSE Tumbleweed:nodejs20-docs-20.12.1-1.1.x86_64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.aarch64", "openSUSE Tumbleweed:npm20-20.12.1-1.1.ppc64le", "openSUSE Tumbleweed:npm20-20.12.1-1.1.s390x", "openSUSE Tumbleweed:npm20-20.12.1-1.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2024-06-15T00:00:00Z", details: "low", }, ], title: "CVE-2024-30260", }, ], }
gsd-2024-30260
Vulnerability from gsd
Modified
2024-04-03 05:02
Details
Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.
Aliases
{ gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2024-30260", ], details: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", id: "GSD-2024-30260", modified: "2024-04-03T05:02:29.249123Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security-advisories@github.com", ID: "CVE-2024-30260", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "undici", version: { version_data: [ { version_affected: "=", version_value: "< 5.28.4", }, { version_affected: "=", version_value: ">= 6.0.0, < 6.11.1", }, ], }, }, ], }, vendor_name: "nodejs", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", }, ], }, impact: { cvss: [ { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, ], }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-285", lang: "eng", value: "CWE-285: Improper Authorization", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", refsource: "MISC", url: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", }, { name: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", refsource: "MISC", url: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", }, { name: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", refsource: "MISC", url: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/", }, { name: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/", refsource: "MISC", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/", }, ], }, source: { advisory: "GHSA-m4v8-wqvr-p9f7", discovery: "UNKNOWN", }, }, "nvd.nist.gov": { cve: { descriptions: [ { lang: "en", value: "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.\n", }, { lang: "es", value: "Undici es un cliente HTTP/1.1, escrito desde cero para Node.js. Undici borró los encabezados Authorization y Proxy-Authorization para `fetch()`, pero no los borró para `undici.request()`. Esta vulnerabilidad fue parcheada en las versiones 5.28.4 y 6.11.1.", }, ], id: "CVE-2024-30260", lastModified: "2024-04-19T23:15:11.047", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.9, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 0.5, impactScore: 3.4, source: "security-advisories@github.com", type: "Secondary", }, ], }, published: "2024-04-04T16:15:08.877", references: [ { source: "security-advisories@github.com", url: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", }, { source: "security-advisories@github.com", url: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", }, { source: "security-advisories@github.com", url: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/", }, { source: "security-advisories@github.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/", }, ], sourceIdentifier: "security-advisories@github.com", vulnStatus: "Awaiting Analysis", weaknesses: [ { description: [ { lang: "en", value: "CWE-285", }, ], source: "security-advisories@github.com", type: "Secondary", }, ], }, }, }, }
ghsa-m4v8-wqvr-p9f7
Vulnerability from github
Published
2024-04-04 14:20
Modified
2025-02-13 19:02
Severity ?
Summary
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Details
Impact
Undici cleared Authorization and Proxy-Authorization headers for fetch(), but did not clear them for undici.request().
Patches
This has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75. Fixes has been released in v5.28.4 and v6.11.1.
Workarounds
use fetch() or disable maxRedirections.
References
Linzi Shang reported this.
- https://hackerone.com/reports/2408074
- https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3
{ affected: [ { package: { ecosystem: "npm", name: "undici", }, ranges: [ { events: [ { introduced: "0", }, { fixed: "5.28.4", }, ], type: "ECOSYSTEM", }, ], }, { package: { ecosystem: "npm", name: "undici", }, ranges: [ { events: [ { introduced: "6.0.0", }, { fixed: "6.11.1", }, ], type: "ECOSYSTEM", }, ], }, ], aliases: [ "CVE-2024-30260", ], database_specific: { cwe_ids: [ "CWE-200", "CWE-285", "CWE-863", ], github_reviewed: true, github_reviewed_at: "2024-04-04T14:20:39Z", nvd_published_at: "2024-04-04T16:15:08Z", severity: "LOW", }, details: "### Impact\n\nUndici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`.\n\n### Patches\n\nThis has been patched in https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75.\nFixes has been released in v5.28.4 and v6.11.1.\n\n### Workarounds\n\nuse `fetch()` or disable `maxRedirections`.\n\n### References\n\nLinzi Shang reported this.\n\n* https://hackerone.com/reports/2408074\n* https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3", id: "GHSA-m4v8-wqvr-p9f7", modified: "2025-02-13T19:02:14Z", published: "2024-04-04T14:20:39Z", references: [ { type: "WEB", url: "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7", }, { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-30260", }, { type: "WEB", url: "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f", }, { type: "WEB", url: "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75", }, { type: "WEB", url: "https://hackerone.com/reports/2408074", }, { type: "PACKAGE", url: "https://github.com/nodejs/undici", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ", }, { type: "WEB", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L", type: "CVSS_V3", }, ], summary: "Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline", }
wid-sec-w-2024-0956
Vulnerability from csaf_certbund
Published
2024-04-23 22:00
Modified
2024-05-12 22:00
Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0956 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0956.json", }, { category: "self", summary: "WID-SEC-2024-0956 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0956", }, { category: "external", summary: "IBM Security Bulletin vom 2024-04-23", url: "https://www.ibm.com/support/pages/node/7149177", }, { category: "external", summary: "IBM Security Bulletin vom 2024-04-23", url: "https://www.ibm.com/support/pages/node/7149179", }, { category: "external", summary: "IBM Security Bulletin 7150843 vom 2024-05-10", url: "https://www.ibm.com/support/pages/node/7150843", }, ], source_lang: "en-US", title: "IBM App Connect Enterprise: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-12T22:00:00.000+00:00", generator: { date: "2024-08-15T18:08:07.080+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0956", initial_release_date: "2024-04-23T22:00:00.000+00:00", revision_history: [ { date: "2024-04-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-12T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { category: "product_version_range", name: "<11.5.0", product: { name: "IBM App Connect Enterprise <11.5.0", product_id: "T034375", }, }, { category: "product_version_range", name: "<5.0.17 LTS", product: { name: "IBM App Connect Enterprise <5.0.17 LTS", product_id: "T034376", }, }, ], category: "product_name", name: "App Connect Enterprise", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2024-29041", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-29041", }, { cve: "CVE-2024-30260", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-30260", }, { cve: "CVE-2024-30261", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-30261", }, ], }
WID-SEC-W-2024-0956
Vulnerability from csaf_certbund
Published
2024-04-23 22:00
Modified
2024-05-12 22:00
Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{ document: { aggregate_severity: { text: "mittel", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Phishing-Angriffe durchzuführen, Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen.", title: "Angriff", }, { category: "general", text: "- Linux", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2024-0956 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0956.json", }, { category: "self", summary: "WID-SEC-2024-0956 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0956", }, { category: "external", summary: "IBM Security Bulletin vom 2024-04-23", url: "https://www.ibm.com/support/pages/node/7149177", }, { category: "external", summary: "IBM Security Bulletin vom 2024-04-23", url: "https://www.ibm.com/support/pages/node/7149179", }, { category: "external", summary: "IBM Security Bulletin 7150843 vom 2024-05-10", url: "https://www.ibm.com/support/pages/node/7150843", }, ], source_lang: "en-US", title: "IBM App Connect Enterprise: Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-12T22:00:00.000+00:00", generator: { date: "2024-08-15T18:08:07.080+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2024-0956", initial_release_date: "2024-04-23T22:00:00.000+00:00", revision_history: [ { date: "2024-04-23T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2024-05-12T22:00:00.000+00:00", number: "2", summary: "Neue Updates von IBM aufgenommen", }, ], status: "final", version: "2", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "IBM App Connect Enterprise", product: { name: "IBM App Connect Enterprise", product_id: "T032495", product_identification_helper: { cpe: "cpe:/a:ibm:app_connect_enterprise:-", }, }, }, { category: "product_version_range", name: "<11.5.0", product: { name: "IBM App Connect Enterprise <11.5.0", product_id: "T034375", }, }, { category: "product_version_range", name: "<5.0.17 LTS", product: { name: "IBM App Connect Enterprise <5.0.17 LTS", product_id: "T034376", }, }, ], category: "product_name", name: "App Connect Enterprise", }, ], category: "vendor", name: "IBM", }, ], }, vulnerabilities: [ { cve: "CVE-2024-29041", notes: [ { category: "description", text: "Es besteht eine Schwachstelle in IBM App Connect Enterprise. Dieser Fehler besteht in der Komponente Express.js aufgrund eines offenen Umleitungsproblems. Mit einer speziell gestalteten URL kann ein entfernter, anonymer Angreifer diese Schwachstelle ausnutzen, um ein Opfer auf beliebige Websites umzuleiten und so einen Phishing-Angriff durchzuführen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-29041", }, { cve: "CVE-2024-30260", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-30260", }, { cve: "CVE-2024-30261", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in IBM App Connect Enterprise. Diese Fehler bestehen im Node.js undici-Modul aufgrund einer ungeeigneten Abrufmethode und eines ungeeigneten Autorisierungsproblems. Durch Senden einer speziell gestalteten Anfrage kann ein entfernter, authentifizierter Angreifer diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen oder vertrauliche Informationen offenzulegen. Eine erfolgreiche Ausnutzung erfordert eine Benutzerinteraktion.", }, ], product_status: { known_affected: [ "T032495", ], }, release_date: "2024-04-23T22:00:00.000+00:00", title: "CVE-2024-30261", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.