Action not permitted
Modal body text goes here.
cve-2024-45801
Vulnerability from cvelistv5
Published
2024-09-16 18:25
Modified
2024-09-16 20:04
Severity ?
EPSS score ?
Summary
Tampering by prototype polution in DOMPurify
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-45801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T20:04:30.471934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T20:04:47.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "DOMPurify",
"vendor": "cure53",
"versions": [
{
"status": "affected",
"version": "\u003c 2.5.4"
},
{
"status": "affected",
"version": "\u003e=3.0.0, \u003c 3.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T18:25:28.065Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"
},
{
"name": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21"
},
{
"name": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc"
}
],
"source": {
"advisory": "GHSA-mmhx-hmjr-r674",
"discovery": "UNKNOWN"
},
"title": "Tampering by prototype polution in DOMPurify"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-45801",
"datePublished": "2024-09-16T18:25:28.065Z",
"dateReserved": "2024-09-09T14:23:07.503Z",
"dateUpdated": "2024-09-16T20:04:47.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-45801\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-09-16T19:16:11.080\",\"lastModified\":\"2024-09-20T12:31:20.110\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.\"},{\"lang\":\"es\",\"value\":\"DOMPurify es un desinfectante XSS ultrarr\u00e1pido, ultratolerante y exclusivo de DOM para HTML, MathML y SVG. Se ha descubierto que el HTML malicioso que utiliza t\u00e9cnicas de anidaci\u00f3n especiales puede eludir la comprobaci\u00f3n de profundidad agregada a DOMPurify en versiones recientes. Tambi\u00e9n fue posible utilizar Prototype Pollution para debilitar la comprobaci\u00f3n de profundidad. Esto hace que dompurify no pueda evitar los ataques de cross site scripting (XSS). Este problema se ha solucionado en las versiones 2.5.4 y 3.1.3 de DOMPurify. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1333\"}]}],\"references\":[{\"url\":\"https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
ghsa-mmhx-hmjr-r674
Vulnerability from github
Published
2024-09-16 20:34
Modified
2024-09-16 22:37
Severity ?
7.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L
8.3 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
8.3 (High) - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N
Summary
DOMPurify allows tampering by prototype pollution
Details
It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check.
This renders dompurify unable to avoid XSS attack.
Fixed by https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.x branch) and https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.x branch).
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "dompurify"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "dompurify"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-45801"
],
"database_specific": {
"cwe_ids": [
"CWE-1321",
"CWE-1333"
],
"github_reviewed": true,
"github_reviewed_at": "2024-09-16T20:34:26Z",
"nvd_published_at": "2024-09-16T19:16:11Z",
"severity": "HIGH"
},
"details": "It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check.\n\nThis renders dompurify unable to avoid XSS attack.\n\nFixed by https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21 (3.x branch) and https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc (2.x branch).",
"id": "GHSA-mmhx-hmjr-r674",
"modified": "2024-09-16T22:37:33Z",
"published": "2024-09-16T20:34:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801"
},
{
"type": "WEB",
"url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21"
},
{
"type": "WEB",
"url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc"
},
{
"type": "PACKAGE",
"url": "https://github.com/cure53/DOMPurify"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "DOMPurify allows tampering by prototype pollution"
}
rhsa-2024_7706
Vulnerability from csaf_redhat
Published
2024-10-07 01:12
Modified
2024-11-21 21:09
Summary
Red Hat Security Advisory: Red Hat build of Cryostat security update
Notes
Topic
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
Security Fix(es):
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)
* dompurify: XSS vulnerability via prototype pollution (CVE-2024-45801)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nSecurity Fix(es):\n\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)\n* dompurify: XSS vulnerability via prototype pollution (CVE-2024-45801)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7706",
"url": "https://access.redhat.com/errata/RHSA-2024:7706"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "2312631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7706.json"
}
],
"title": "Red Hat Security Advisory: Red Hat build of Cryostat security update",
"tracking": {
"current_release_date": "2024-11-21T21:09:21+00:00",
"generator": {
"date": "2024-11-21T21:09:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7706",
"initial_release_date": "2024-10-07T01:12:29+00:00",
"revision_history": [
{
"date": "2024-10-07T01:12:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-07T01:12:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T21:09:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Cryostat 3 on RHEL 8",
"product": {
"name": "Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:cryostat:3::el8"
}
}
}
],
"category": "product_family",
"name": "Cryostat"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"product": {
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.1-3"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"product": {
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.1-3"
}
}
},
{
"category": "product_version",
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64",
"product": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64",
"product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.1-3"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64"
},
"product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64"
},
"product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"relates_to_product_reference": "8Base-Cryostat-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64 as a component of Cryostat 3 on RHEL 8",
"product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
},
"product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64",
"relates_to_product_reference": "8Base-Cryostat-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-43788",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-08-27T17:20:06.890123+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2308193"
}
],
"notes": [
{
"category": "description",
"text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43788"
},
{
"category": "external",
"summary": "RHBZ#2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
"url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-08-27T17:15:07.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T01:12:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7706"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-16T19:20:09.863249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312631"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: XSS vulnerability via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45801"
},
{
"category": "external",
"summary": "RHBZ#2312631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"
}
],
"release_date": "2024-09-16T19:16:11.080000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-07T01:12:29+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7706"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64",
"8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64",
"8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: XSS vulnerability via prototype pollution"
}
]
}
rhsa-2024_7324
Vulnerability from csaf_redhat
Published
2024-10-02 12:03
Modified
2024-11-21 21:08
Summary
Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.7
Notes
Topic
Logging for Red Hat OpenShift - 5.9.7
Details
Logging for Red Hat OpenShift - 5.9.7
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Logging for Red Hat OpenShift - 5.9.7",
"title": "Topic"
},
{
"category": "general",
"text": "Logging for Red Hat OpenShift - 5.9.7",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:7324",
"url": "https://access.redhat.com/errata/RHSA-2024:7324"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "LOG-5950",
"url": "https://issues.redhat.com/browse/LOG-5950"
},
{
"category": "external",
"summary": "LOG-6041",
"url": "https://issues.redhat.com/browse/LOG-6041"
},
{
"category": "external",
"summary": "LOG-6125",
"url": "https://issues.redhat.com/browse/LOG-6125"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7324.json"
}
],
"title": "Red Hat Security Advisory: Logging for Red Hat OpenShift - 5.9.7",
"tracking": {
"current_release_date": "2024-11-21T21:08:59+00:00",
"generator": {
"date": "2024-11-21T21:08:59+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:7324",
"initial_release_date": "2024-10-02T12:03:29+00:00",
"revision_history": [
{
"date": "2024-10-02T12:03:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-02T12:03:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T21:08:59+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHOL 5.9 for RHEL 9",
"product": {
"name": "RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:logging:5.9::el9"
}
}
}
],
"category": "product_family",
"name": "logging for Red Hat OpenShift"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-282"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-301"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"product_id": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.1-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"product_id": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-19"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.7-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-653"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-288"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"product": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.9.7-11"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-282"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-301"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"product_id": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.1-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"product_id": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-19"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.7-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"product": {
"name": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"product_id": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-operator-bundle\u0026tag=v5.9.7-16"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-653"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-288"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-282"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-301"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"product_id": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.1-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x",
"product_id": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-19"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.7-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-653"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-288"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"product": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"product_id": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel9-operator\u0026tag=v5.9.7-6"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"product": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"product_id": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel9\u0026tag=v1.1.0-282"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"product": {
"name": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"product_id": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel9\u0026tag=v0.4.0-301"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"product": {
"name": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"product_id": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"product_identification_helper": {
"purl": "pkg:oci/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel9\u0026tag=v5.9.7-3"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"product": {
"name": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"product_id": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-loki-rhel9\u0026tag=v3.1.1-10"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"product": {
"name": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"product_id": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/vector-rhel9\u0026tag=v0.34.1-19"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"product": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"product_id": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/logging-view-plugin-rhel9\u0026tag=v5.9.7-5"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"product": {
"name": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"product_id": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"product_identification_helper": {
"purl": "pkg:oci/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/loki-rhel9-operator\u0026tag=v5.9.7-7"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"product": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"product_id": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/lokistack-gateway-rhel9\u0026tag=v0.1.0-653"
}
}
},
{
"category": "product_version",
"name": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"product": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"product_id": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"product_identification_helper": {
"purl": "pkg:oci/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22?arch=arm64\u0026repository_url=registry.redhat.io/openshift-logging/opa-openshift-rhel9\u0026tag=v0.1.0-288"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64"
},
"product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x"
},
"product_reference": "openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x"
},
"product_reference": "openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le"
},
"product_reference": "openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le"
},
"product_reference": "openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64"
},
"product_reference": "openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64"
},
"product_reference": "openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64"
},
"product_reference": "openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le"
},
"product_reference": "openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64"
},
"product_reference": "openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x"
},
"product_reference": "openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64 as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"relates_to_product_reference": "9Base-RHOL-5.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x as a component of RHOL 5.9 for RHEL 9",
"product_id": "9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
},
"product_reference": "openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x",
"relates_to_product_reference": "9Base-RHOL-5.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-6104",
"cwe": {
"id": "CWE-532",
"name": "Insertion of Sensitive Information into Log File"
},
"discovery_date": "2024-06-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2294000"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in go-retryablehttp. The package may suffer from a lack of input sanitization by not cleaning up URL data when writing to the logs. This issue could expose sensitive authentication information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go-retryablehttp: url might write sensitive information to log file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-6104"
},
{
"category": "external",
"summary": "RHBZ#2294000",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294000"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-6104",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6104"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6104"
}
],
"release_date": "2024-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:03:29+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7324"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go-retryablehttp: url might write sensitive information to log file"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:03:29+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7324"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-16T19:20:09.863249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312631"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: XSS vulnerability via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45801"
},
{
"category": "external",
"summary": "RHBZ#2312631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"
}
],
"release_date": "2024-09-16T19:16:11.080000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-02T12:03:29+00:00",
"details": "For OpenShift Container Platform 4.14 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.14/release_notes/ocp-4-14-release-notes.html\n\nFor Red Hat OpenShift Logging 5.9, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.14/logging/cluster-logging-upgrading.html",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:7324"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHOL-5.9:openshift-logging/cluster-logging-operator-bundle@sha256:3b1f61f40556c931ec5bc8a99a6c7917bc5cb7dd6fe13ef8cd2603882d0eee58_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:81429833f5eace1ed0551c24e36f4b62e6f8e636b0aaa9d51ca631bd38e39d55_amd64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:c6bad5602c46f96702e1a8229d4cf2d0a52448b52921baf956be73d13b17238a_arm64",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:d141094a566076a1a6446432d879e3d2d04a9d2d4d6b312329939b149edefa74_ppc64le",
"9Base-RHOL-5.9:openshift-logging/cluster-logging-rhel9-operator@sha256:da1b89713f57187a47e213bf2327253d4b86f67a1782542c50d53a0aff9fb32d_s390x",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:1a8036416fe14318ef86d4c5c647fb9fb0df1b46a5d49f3e814a2502e026f6c9_amd64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:55bddb959a24589db81c899b763d93e52d39c03e949341ab59139af4646657d7_ppc64le",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:b873cbc4bfff8e599afa0adf773a62f1e4884d1199dd3c42cfb1062ea064b0e1_arm64",
"9Base-RHOL-5.9:openshift-logging/eventrouter-rhel9@sha256:e1390da0cb3e5947d394bbff3fa1df521a26c5be01ea829024a28cc4b960d14a_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:473a6e8f3f9b879038eeffbd9ea3f1ce51fd30e2614598f5ed96a9699e1e0840_s390x",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:6e3aedfb93fb759ebd5e88d6fcd5b7733a3e64b86bcf33569cd8abd833ca5317_arm64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:87ee3510ca2eafafc914fbafb591d871757ebbfe6ff1765b3d448c3fa1f9f1a4_amd64",
"9Base-RHOL-5.9:openshift-logging/fluentd-rhel9@sha256:e39aeb29fead7c4899b76b9fd90a03b49875de0660dc0f701885617c4ebd2ee5_ppc64le",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:0e20cce12cf234424ba883d582e4b5409d5abad895ea1411ed94400a919efa26_s390x",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:165d702c6c6a3f882ac7b413510cb119239ad338012a58033ba9c80757ee6f0d_amd64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:8a3d87c76ccca2710d4009c483ff3849c0db0097134bf522eedfac20236b72a3_arm64",
"9Base-RHOL-5.9:openshift-logging/log-file-metric-exporter-rhel9@sha256:b4e6a62a9711825f16d61bce5ce8926773671aa0fa826122a0a9cc7ce0a35f04_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:35e06a641268891b41c419e7471038eaee91cb8a4807e1ad2052832a053d8044_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:4f887ba3569acde13bf34fa86cd8e2899281f9d4efc83f6ddaf18cc39f9b8f24_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:6ed9df1170b26d52fd6fd825c4f80603e6e481e1d0cfad67cdc8f68ffb10cce8_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-loki-rhel9@sha256:f6664dc6c451fae94f44aa48b7d7d33f57f5fde96dbddb9717f00865a26c167a_arm64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:656f64a6a55c116fd22046faff1ffd218ee849342e69a4eb6c4b567e8c21ccd2_amd64",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:96f3970d474e6853cdb8f0ce1b9eb30b71063f8968d573d6593a45b3bb2d1775_ppc64le",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:aceefa76322cf8571a9a8b12fdcba70616fa2bc9f148223fe571505717b10f88_s390x",
"9Base-RHOL-5.9:openshift-logging/logging-view-plugin-rhel9@sha256:f0c4675a9fe55da1289949cc94f2fdc086007e1d72a12a8af2340fcaed8e9bf4_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-operator-bundle@sha256:a0f8da449df26650a1b5f0e756c91970702158fd4336c5c8b6bbef68d944eed1_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:2139b6fe5592c6591241c177ece47489be7e1c074f4be0032bd69c6075a06560_amd64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:a248f058102d9c31b0fa625a3ec6571ed707039b72186c1bb2b72d5dd5d76aab_arm64",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:ce77679763582b1d79a0b1873ccad041c390f66d2b2731029424fd71a929c68a_s390x",
"9Base-RHOL-5.9:openshift-logging/loki-rhel9-operator@sha256:dd12b57741366236dadec539b8a713a6b76a8e6e5ddfd06f55375c6cc3f07b61_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:23758e547a97de164a49e4b248a6548d9a738fafd3410702dce8c3eaa6c726ea_ppc64le",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:6daf7232e68fb9cf96bb924280b3dd489155c66bf968d3fab08bde877c7ddf1e_arm64",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:8ff03e32e8a86128f0d86897ef6d51b8e550331687b04e794d39aff92085c20d_s390x",
"9Base-RHOL-5.9:openshift-logging/lokistack-gateway-rhel9@sha256:db61beb43140554de31dfa4d8774ff6f12d629d38d27e017e800f973f87a66d5_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:048295f3106b5c3681c5f3bd43fc189fb27974403983e097c118c0789ebe8f22_arm64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2c73b67aace0a88a5946511ac323e873b27baa4a1678d9b3a5aecc303630e5e2_amd64",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:2d2139f6b181b70ac42953f1eb1c473a370b6835c13a1042eaa95312873f3f4f_ppc64le",
"9Base-RHOL-5.9:openshift-logging/opa-openshift-rhel9@sha256:8fc51ae71af5522c84b6653fc9930b6d64b900396c6d253d340ac74ffd5ad300_s390x",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:323ed7b70de3cca05ab437ad4839527e3123cd039fc80acd16e3cfabcaf1046b_arm64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:33d17ee43f935f9ecd123621ca19e957d95b4f9f1e16df5192330c69abaf6fb6_amd64",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:9c0aa87656a48d99ba3cd82350db54bb6303749e11e3a39252e1f58f18157bbe_ppc64le",
"9Base-RHOL-5.9:openshift-logging/vector-rhel9@sha256:fa22505c9f61ec65d258125530bffe12e925be8e7f4479266c6e717eaed89aa5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: XSS vulnerability via prototype pollution"
}
]
}
rhsa-2024_8014
Vulnerability from csaf_redhat
Published
2024-10-22 01:05
Modified
2024-11-21 21:09
Summary
Red Hat Security Advisory: Network Observability 1.7.0 for OpenShift
Notes
Topic
Network Observability 1.7 for Red Hat OpenShift
Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.
Details
Network Observability 1.7.0
Security Fix(es):
* Network Observability: Code Execution Vulnerability in Send Library (CVE-2024-43799)
* Network Observability: XSS vulnerability via prototype pollution (CVE-2024-45801)
* Network Observability: axios: Server-Side Request Forgery (CVE-2024-39338)
* Network Observability: Denial of Service Vulnerability in body-parser (CVE-2024-45590)
* Network Observability: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)
* Network Observability: Backtracking regular expressions cause ReDoS (CVE-2024-45296)
* Network Observability: Improper Input Handling in Express Redirects (CVE-2024-43796)
* Network Observability: Improper Sanitization in serve-static (CVE-2024-43800)
* Network Observability: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
* Network Observability: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)
* Network Observability: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Network Observability 1.7 for Red Hat OpenShift\n\nRed Hat Product Security has rated this update as having a security impact of\nImportant. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Network Observability 1.7.0\n\nSecurity Fix(es):\n\n* Network Observability: Code Execution Vulnerability in Send Library (CVE-2024-43799)\n* Network Observability: XSS vulnerability via prototype pollution (CVE-2024-45801)\n* Network Observability: axios: Server-Side Request Forgery (CVE-2024-39338)\n* Network Observability: Denial of Service Vulnerability in body-parser (CVE-2024-45590)\n* Network Observability: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)\n* Network Observability: Backtracking regular expressions cause ReDoS (CVE-2024-45296)\n* Network Observability: Improper Input Handling in Express Redirects (CVE-2024-43796)\n* Network Observability: Improper Sanitization in serve-static (CVE-2024-43800)\n* Network Observability: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)\n* Network Observability: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion (CVE-2024-34155)\n* Network Observability: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion (CVE-2024-34158)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:8014",
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "2310527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
},
{
"category": "external",
"summary": "2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "2310529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529"
},
{
"category": "external",
"summary": "2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "2312631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631"
},
{
"category": "external",
"summary": "NETOBSERV-1377",
"url": "https://issues.redhat.com/browse/NETOBSERV-1377"
},
{
"category": "external",
"summary": "NETOBSERV-1509",
"url": "https://issues.redhat.com/browse/NETOBSERV-1509"
},
{
"category": "external",
"summary": "NETOBSERV-1538",
"url": "https://issues.redhat.com/browse/NETOBSERV-1538"
},
{
"category": "external",
"summary": "NETOBSERV-1540",
"url": "https://issues.redhat.com/browse/NETOBSERV-1540"
},
{
"category": "external",
"summary": "NETOBSERV-1564",
"url": "https://issues.redhat.com/browse/NETOBSERV-1564"
},
{
"category": "external",
"summary": "NETOBSERV-163",
"url": "https://issues.redhat.com/browse/NETOBSERV-163"
},
{
"category": "external",
"summary": "NETOBSERV-1666",
"url": "https://issues.redhat.com/browse/NETOBSERV-1666"
},
{
"category": "external",
"summary": "NETOBSERV-1667",
"url": "https://issues.redhat.com/browse/NETOBSERV-1667"
},
{
"category": "external",
"summary": "NETOBSERV-1733",
"url": "https://issues.redhat.com/browse/NETOBSERV-1733"
},
{
"category": "external",
"summary": "NETOBSERV-1746",
"url": "https://issues.redhat.com/browse/NETOBSERV-1746"
},
{
"category": "external",
"summary": "NETOBSERV-1748",
"url": "https://issues.redhat.com/browse/NETOBSERV-1748"
},
{
"category": "external",
"summary": "NETOBSERV-1753",
"url": "https://issues.redhat.com/browse/NETOBSERV-1753"
},
{
"category": "external",
"summary": "NETOBSERV-1766",
"url": "https://issues.redhat.com/browse/NETOBSERV-1766"
},
{
"category": "external",
"summary": "NETOBSERV-1779",
"url": "https://issues.redhat.com/browse/NETOBSERV-1779"
},
{
"category": "external",
"summary": "NETOBSERV-1783",
"url": "https://issues.redhat.com/browse/NETOBSERV-1783"
},
{
"category": "external",
"summary": "NETOBSERV-1788",
"url": "https://issues.redhat.com/browse/NETOBSERV-1788"
},
{
"category": "external",
"summary": "NETOBSERV-1798",
"url": "https://issues.redhat.com/browse/NETOBSERV-1798"
},
{
"category": "external",
"summary": "NETOBSERV-1805",
"url": "https://issues.redhat.com/browse/NETOBSERV-1805"
},
{
"category": "external",
"summary": "NETOBSERV-1806",
"url": "https://issues.redhat.com/browse/NETOBSERV-1806"
},
{
"category": "external",
"summary": "NETOBSERV-1808",
"url": "https://issues.redhat.com/browse/NETOBSERV-1808"
},
{
"category": "external",
"summary": "NETOBSERV-1811",
"url": "https://issues.redhat.com/browse/NETOBSERV-1811"
},
{
"category": "external",
"summary": "NETOBSERV-1812",
"url": "https://issues.redhat.com/browse/NETOBSERV-1812"
},
{
"category": "external",
"summary": "NETOBSERV-1813",
"url": "https://issues.redhat.com/browse/NETOBSERV-1813"
},
{
"category": "external",
"summary": "NETOBSERV-1816",
"url": "https://issues.redhat.com/browse/NETOBSERV-1816"
},
{
"category": "external",
"summary": "NETOBSERV-1819",
"url": "https://issues.redhat.com/browse/NETOBSERV-1819"
},
{
"category": "external",
"summary": "NETOBSERV-1848",
"url": "https://issues.redhat.com/browse/NETOBSERV-1848"
},
{
"category": "external",
"summary": "NETOBSERV-1884",
"url": "https://issues.redhat.com/browse/NETOBSERV-1884"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_8014.json"
}
],
"title": "Red Hat Security Advisory: Network Observability 1.7.0 for OpenShift",
"tracking": {
"current_release_date": "2024-11-21T21:09:52+00:00",
"generator": {
"date": "2024-11-21T21:09:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2024:8014",
"initial_release_date": "2024-10-22T01:05:39+00:00",
"revision_history": [
{
"date": "2024-10-22T01:05:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-10-22T01:05:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-21T21:09:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "NETOBSERV 1.7 for RHEL 9",
"product": {
"name": "NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9"
}
}
}
],
"category": "product_family",
"name": "Network Observability"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba?arch=amd64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"product_id": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a?arch=ppc64le\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"product_id": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080?arch=arm64\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"product": {
"name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"product_id": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-cli-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"product": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"product_id": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-console-plugin-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"product": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"product_id": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-ebpf-agent-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"product": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"product_id": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-flowlogs-pipeline-rhel9\u0026tag=v1.7.0-67"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"product": {
"name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"product_id": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-operator-bundle\u0026tag=1.7.0-86"
}
}
},
{
"category": "product_version",
"name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"product": {
"name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"product_id": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"product_identification_helper": {
"purl": "pkg:oci/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134?arch=s390x\u0026repository_url=registry.redhat.io/network-observability/network-observability-rhel9-operator\u0026tag=v1.7.0-67"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64"
},
"product_reference": "network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64"
},
"product_reference": "network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64"
},
"product_reference": "network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le"
},
"product_reference": "network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le"
},
"product_reference": "network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64 as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le as a component of NETOBSERV 1.7 for RHEL 9",
"product_id": "9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
},
"product_reference": "network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le",
"relates_to_product_reference": "9Base-NETWORK-OBSERVABILITY-1.7.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34155",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:06.929766+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310527"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/parser package of the Golang standard library. Calling any Parse functions on Go source code containing deeply nested literals can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34155"
},
{
"category": "external",
"summary": "RHBZ#2310527",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310527"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34155",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34155"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34155"
},
{
"category": "external",
"summary": "https://go.dev/cl/611238",
"url": "https://go.dev/cl/611238"
},
{
"category": "external",
"summary": "https://go.dev/issue/69138",
"url": "https://go.dev/issue/69138"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3105",
"url": "https://pkg.go.dev/vuln/GO-2024-3105"
}
],
"release_date": "2024-09-06T21:15:11.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion"
},
{
"cve": "CVE-2024-34156",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2024-09-06T21:20:09.377905+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310528"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34156"
},
{
"category": "external",
"summary": "RHBZ#2310528",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
},
{
"category": "external",
"summary": "https://go.dev/cl/611239",
"url": "https://go.dev/cl/611239"
},
{
"category": "external",
"summary": "https://go.dev/issue/69139",
"url": "https://go.dev/issue/69139"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3106",
"url": "https://pkg.go.dev/vuln/GO-2024-3106"
}
],
"release_date": "2024-09-06T21:15:12.020000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-34158",
"cwe": {
"id": "CWE-1325",
"name": "Improperly Controlled Sequential Memory Allocation"
},
"discovery_date": "2024-09-06T21:20:12.126400+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310529"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the go/build/constraint package of the Golang standard library. Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34158"
},
{
"category": "external",
"summary": "RHBZ#2310529",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310529"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34158",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34158"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34158"
},
{
"category": "external",
"summary": "https://go.dev/cl/611240",
"url": "https://go.dev/cl/611240"
},
{
"category": "external",
"summary": "https://go.dev/issue/69141",
"url": "https://go.dev/issue/69141"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
"url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3107",
"url": "https://pkg.go.dev/vuln/GO-2024-3107"
}
],
"release_date": "2024-09-06T21:15:12.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion"
},
{
"cve": "CVE-2024-39338",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2024-08-13T17:21:32.774718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2304369"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: axios: Server-Side Request Forgery",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-39338"
},
{
"category": "external",
"summary": "RHBZ#2304369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases",
"url": "https://github.com/axios/axios/releases"
},
{
"category": "external",
"summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
"url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
}
],
"release_date": "2024-08-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: axios: Server-Side Request Forgery"
},
{
"cve": "CVE-2024-43788",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-08-27T17:20:06.890123+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2308193"
}
],
"notes": [
{
"category": "description",
"text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43788"
},
{
"category": "external",
"summary": "RHBZ#2308193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61",
"url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61"
},
{
"category": "external",
"summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986",
"url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986"
},
{
"category": "external",
"summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering",
"url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering"
},
{
"category": "external",
"summary": "https://scnps.co/papers/sp23_domclob.pdf",
"url": "https://scnps.co/papers/sp23_domclob.pdf"
}
],
"release_date": "2024-08-27T17:15:07.967000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule"
},
{
"cve": "CVE-2024-43796",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:28.106254+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311152"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Express. This vulnerability allows untrusted code execution via passing untrusted user input to response.redirect(), even if the input is sanitized.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "express: Improper Input Handling in Express Redirects",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43796"
},
{
"category": "external",
"summary": "RHBZ#2311152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43796",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43796"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43796"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553",
"url": "https://github.com/expressjs/express/commit/54271f69b511fea198471e6ff3400ab805d6b553"
},
{
"category": "external",
"summary": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx",
"url": "https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx"
}
],
"release_date": "2024-09-10T15:15:17.510000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "express: Improper Input Handling in Express Redirects"
},
{
"cve": "CVE-2024-43799",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:30.869487+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311153"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Send library. This vulnerability allows remote code execution via untrusted input passed to the SendStream.redirect() function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "send: Code Execution Vulnerability in Send Library",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43799"
},
{
"category": "external",
"summary": "RHBZ#2311153",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311153"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43799",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43799"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43799"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35",
"url": "https://github.com/pillarjs/send/commit/ae4f2989491b392ae2ef3b0015a019770ae65d35"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg",
"url": "https://github.com/pillarjs/send/security/advisories/GHSA-m6fv-jmcg-4jfg"
}
],
"release_date": "2024-09-10T15:15:17.727000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "send: Code Execution Vulnerability in Send Library"
},
{
"cve": "CVE-2024-43800",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-10T15:30:33.631718+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in serve-static. This issue may allow the execution of untrusted code via passing sanitized yet untrusted user input to redirect().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "serve-static: Improper Sanitization in serve-static",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-43800"
},
{
"category": "external",
"summary": "RHBZ#2311154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-43800",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43800"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b",
"url": "https://github.com/expressjs/serve-static/commit/0c11fad159898cdc69fd9ab63269b72468ecaf6b"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa",
"url": "https://github.com/expressjs/serve-static/commit/ce730896fddce1588111d9ef6fdf20896de5c6fa"
},
{
"category": "external",
"summary": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p",
"url": "https://github.com/expressjs/serve-static/security/advisories/GHSA-cm22-4g7w-348p"
}
],
"release_date": "2024-09-10T15:15:17.937000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "serve-static: Improper Sanitization in serve-static"
},
{
"cve": "CVE-2024-45296",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-09T19:20:18.127723+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2310908"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45296"
},
{
"category": "external",
"summary": "RHBZ#2310908",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
"url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
"url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
}
],
"release_date": "2024-09-09T19:15:13.330000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
},
{
"cve": "CVE-2024-45590",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2024-09-10T16:20:29.292154+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2311171"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "body-parser: Denial of Service Vulnerability in body-parser",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45590"
},
{
"category": "external",
"summary": "RHBZ#2311171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311171"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45590",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45590"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45590"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce",
"url": "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce"
},
{
"category": "external",
"summary": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7",
"url": "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7"
}
],
"release_date": "2024-09-10T16:15:21.083000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "body-parser: Denial of Service Vulnerability in body-parser"
},
{
"cve": "CVE-2024-45801",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-09-16T19:20:09.863249+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2312631"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: XSS vulnerability via prototype pollution",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45801"
},
{
"category": "external",
"summary": "RHBZ#2312631",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45801",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45801"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21",
"url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc",
"url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674",
"url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"
}
],
"release_date": "2024-09-16T19:16:11.080000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-10-22T01:05:39+00:00",
"details": "For details on how to apply this update, refer to: \n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:8014"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:1587047e407a77f7ac1d963cc9bbfdb5c2472554cad8367f0a96a4699528134d_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:7c2c2c0c0c255c1ef1579b63337d35174a330374a7deaff3c3c1e39ff48e89ee_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:bd8b5a7f1f9369c1f6fe3782c79b4145c3467b3f82e083e1eb83d76a8df21fdd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-cli-rhel9@sha256:c469d89f77d04b257c6bf9814a3782540139e35c83ac73c2e5820c20ec2146fd_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:10d159c57623d2e098b401331de93d8d591b78e133785dea89d9694ee76ded0f_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:46cee52d96fee8b3f5cd151c21e5b886841cff53b4d65cb6264d39acd9c6a7cd_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:b811f8d5b133d9a90f575d23f7a91e184ef8b6d640fb0cd7732f155d40f51c86_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-console-plugin-rhel9@sha256:ccf31db5ef85f57422a16a61a5c6aea883396699e1cc8c0f6043d2fc7eb0b8e9_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:8016c95a9891094692764956dc9df211e8a0f8cdcf14e6682565d4c35325e0bf_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:ae64fda5860fa3cbdd9a81d56924cd32d69fbf67804e16cc2e1e5ca6f786dd8b_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:d36488d180acdca0e6b0fbe8dbe77af3464d5b1fc3efc9440ed130fec5e71ebe_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-ebpf-agent-rhel9@sha256:e979023e2e93f1ada9e3fd3e1268b39b4ac1fb9fe51357462e2ac7ddc8c49056_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:54a8042443e480f3543527d6121dbbaab57394554282b8f4fc885a1ba2b28844_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:87f4f7757826faf37710a88be3c2917b855088e02acb73f43eb7a77f61d00d45_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:8bb22f295ec8087a7163997588a4af0dce8f838407aa83f8bd09190a2943ad1e_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:b875fece4d49972e278450730f90bb5defa818aa2774dfa0e15d6f36ba50c840_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:268ac72b4a0bf05893cca0924a80ebd2107f3e859329406257da6ce59ec08dfe_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:3a3c70c990bd3a012453857698433d674b98445e55cc9c5c4ed38eea29eb82b1_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:c32c5ec7c6048f652200677c2a9cbde09ed05beeb818e292f21e6a52786b0a02_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-operator-bundle@sha256:ccf531d1181ccd1c6eb9ec45ea20069aa01b2924242596f25e551d055c9a0e1b_ppc64le",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:349de1a5389f131933bf39235705a4aa8137a8d4be561f66aa2b74f986489fba_amd64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:4f9cdf8c1c22a79d0690b18c363ade514262510f5fbb4062746210005e832134_s390x",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:8c5836a79d4f6562ed17db8488422db567f4a920908e1800b770ec04ffa78080_arm64",
"9Base-NETWORK-OBSERVABILITY-1.7.0:network-observability/network-observability-rhel9-operator@sha256:9c2c0e0b8f9c061983f48fca9c18d7a496d38fbc4f8b9274d2fef39a5824c40a_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: XSS vulnerability via prototype pollution"
}
]
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.