csaf_redhat - rhba-2023

rhba-2023_7492

Vulnerability from csaf_redhat

Published

2023-11-27 10:05

Modified

2024-09-16 19:49

Summary

Red Hat Bug Fix Advisory: RHODS 2.4 - Red Hat OpenShift Data Science

Notes

Topic

Updated images are now available for Red Hat OpenShift Data Science.

Details

Release of RHODS 2.4 provides these changes:

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated images are now available for Red Hat OpenShift Data Science.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Release of RHODS 2.4 provides these changes:",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHBA-2023:7492",
        "url": "https://access.redhat.com/errata/RHBA-2023:7492"
      },
      {
        "category": "external",
        "summary": "FAI-982",
        "url": "https://issues.redhat.com/browse/FAI-982"
      },
      {
        "category": "external",
        "summary": "FAI-983",
        "url": "https://issues.redhat.com/browse/FAI-983"
      },
      {
        "category": "external",
        "summary": "FAI-984",
        "url": "https://issues.redhat.com/browse/FAI-984"
      },
      {
        "category": "external",
        "summary": "RHOAIENG-228",
        "url": "https://issues.redhat.com/browse/RHOAIENG-228"
      },
      {
        "category": "external",
        "summary": "RHODS-12782",
        "url": "https://issues.redhat.com/browse/RHODS-12782"
      },
      {
        "category": "external",
        "summary": "RHODS-12783",
        "url": "https://issues.redhat.com/browse/RHODS-12783"
      },
      {
        "category": "external",
        "summary": "RHODS-12784",
        "url": "https://issues.redhat.com/browse/RHODS-12784"
      },
      {
        "category": "external",
        "summary": "RHODS-12785",
        "url": "https://issues.redhat.com/browse/RHODS-12785"
      },
      {
        "category": "external",
        "summary": "RHODS-12787",
        "url": "https://issues.redhat.com/browse/RHODS-12787"
      },
      {
        "category": "external",
        "summary": "RHODS-12834",
        "url": "https://issues.redhat.com/browse/RHODS-12834"
      },
      {
        "category": "external",
        "summary": "RHODS-12860",
        "url": "https://issues.redhat.com/browse/RHODS-12860"
      },
      {
        "category": "external",
        "summary": "RHODS-2",
        "url": "https://issues.redhat.com/browse/RHODS-2"
      },
      {
        "category": "external",
        "summary": "RHODS-4050",
        "url": "https://issues.redhat.com/browse/RHODS-4050"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhba-2023_7492.json"
      }
    ],
    "title": "Red Hat Bug Fix Advisory: RHODS 2.4 - Red Hat OpenShift Data Science",
    "tracking": {
      "current_release_date": "2024-09-16T19:49:43+00:00",
      "generator": {
        "date": "2024-09-16T19:49:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHBA-2023:7492",
      "initial_release_date": "2023-11-27T10:05:54+00:00",
      "revision_history": [
        {
          "date": "2023-11-27T10:05:54+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-11-27T10:05:54+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T19:49:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHODS-2.4-RHEL-8",
                "product": {
                  "name": "RHODS-2.4-RHEL-8",
                  "product_id": "8Base-RHODS-2.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_data_science:2.4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Data Science"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64",
                "product": {
                  "name": "rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64",
                  "product_id": "rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-codeflare-operator-rhel8\u0026tag=v2.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64",
                "product": {
                  "name": "rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64",
                  "product_id": "rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-dashboard-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64",
                "product": {
                  "name": "rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64",
                  "product_id": "rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-data-science-pipelines-operator-controller-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64",
                "product": {
                  "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64",
                  "product_id": "rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-kf-notebook-controller-rhel8\u0026tag=v2.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64",
                "product": {
                  "name": "rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64",
                  "product_id": "rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-kuberay-operator-controller-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64",
                  "product_id": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-api-server-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64",
                  "product_id": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-artifact-manager-rhel8\u0026tag=v2.4.0-15"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64",
                  "product_id": "rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-cache-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64",
                  "product_id": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-persistenceagent-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64",
                "product": {
                  "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64",
                  "product_id": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-ml-pipelines-scheduledworkflow-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64",
                "product": {
                  "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64",
                  "product_id": "rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-mm-rest-proxy-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64",
                "product": {
                  "name": "rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64",
                  "product_id": "rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-model-controller-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64",
                  "product_id": "rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-rhel8\u0026tag=v2.4.0-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64",
                  "product_id": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-runtime-adapter-rhel8\u0026tag=v2.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64",
                "product": {
                  "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64",
                  "product_id": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-modelmesh-serving-controller-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64",
                "product": {
                  "name": "rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64",
                  "product_id": "rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-notebook-controller-rhel8\u0026tag=v2.4.0-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64",
                "product": {
                  "name": "rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64",
                  "product_id": "rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-base-rhel8\u0026tag=v2.4.0-35"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64",
                "product": {
                  "name": "rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64",
                  "product_id": "rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-operator-bundle\u0026tag=v2.4.0-64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64",
                "product": {
                  "name": "rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64",
                  "product_id": "rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-rhel8-operator\u0026tag=v2.4.0-46"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64",
                "product": {
                  "name": "rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64",
                  "product_id": "rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-trustyai-service-rhel8\u0026tag=v2.4.0-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64",
                "product": {
                  "name": "rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64",
                  "product_id": "rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca?arch=amd64\u0026repository_url=registry.redhat.io/rhods/odh-trustyai-service-operator-rhel8\u0026tag=v2.4.0-16"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64"
        },
        "product_reference": "rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64"
        },
        "product_reference": "rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64"
        },
        "product_reference": "rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64"
        },
        "product_reference": "rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64"
        },
        "product_reference": "rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64"
        },
        "product_reference": "rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64"
        },
        "product_reference": "rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64"
        },
        "product_reference": "rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64"
        },
        "product_reference": "rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64"
        },
        "product_reference": "rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64"
        },
        "product_reference": "rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64"
        },
        "product_reference": "rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64"
        },
        "product_reference": "rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64"
        },
        "product_reference": "rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64 as a component of RHODS-2.4-RHEL-8",
          "product_id": "8Base-RHODS-2.4:rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64"
        },
        "product_reference": "rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64",
        "relates_to_product_reference": "8Base-RHODS-2.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-44487",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2023-10-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHODS-2.4:rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64",
            "8Base-RHODS-2.4:rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64",
            "8Base-RHODS-2.4:rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64",
            "8Base-RHODS-2.4:rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64",
            "8Base-RHODS-2.4:rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64",
            "8Base-RHODS-2.4:rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64",
            "8Base-RHODS-2.4:rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64",
            "8Base-RHODS-2.4:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64",
            "8Base-RHODS-2.4:rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64",
            "8Base-RHODS-2.4:rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64",
            "8Base-RHODS-2.4:rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64",
            "8Base-RHODS-2.4:rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64",
            "8Base-RHODS-2.4:rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64",
            "8Base-RHODS-2.4:rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64",
            "8Base-RHODS-2.4:rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2242803"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHODS-2.4:rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64"
        ],
        "known_not_affected": [
          "8Base-RHODS-2.4:rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64",
          "8Base-RHODS-2.4:rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64",
          "8Base-RHODS-2.4:rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64",
          "8Base-RHODS-2.4:rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64",
          "8Base-RHODS-2.4:rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64",
          "8Base-RHODS-2.4:rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64",
          "8Base-RHODS-2.4:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64",
          "8Base-RHODS-2.4:rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64",
          "8Base-RHODS-2.4:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64",
          "8Base-RHODS-2.4:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64",
          "8Base-RHODS-2.4:rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64",
          "8Base-RHODS-2.4:rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64",
          "8Base-RHODS-2.4:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64",
          "8Base-RHODS-2.4:rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64",
          "8Base-RHODS-2.4:rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64",
          "8Base-RHODS-2.4:rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64",
          "8Base-RHODS-2.4:rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64",
          "8Base-RHODS-2.4:rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64",
          "8Base-RHODS-2.4:rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64",
          "8Base-RHODS-2.4:rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "RHBZ#2242803",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://github.com/dotnet/announcements/issues/277",
          "url": "https://github.com/dotnet/announcements/issues/277"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2023-2102",
          "url": "https://pkg.go.dev/vuln/GO-2023-2102"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487",
          "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487"
        },
        {
          "category": "external",
          "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/",
          "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2023-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHODS-2.4:rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHBA-2023:7492"
        },
        {
          "category": "workaround",
          "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n     a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n     b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n     c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n     d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n     e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.",
          "product_ids": [
            "8Base-RHODS-2.4:rhods/odh-codeflare-operator-rhel8@sha256:dd14914e92bde9e834b5b806e296ed210e9e45c1e71d3ca8d07492a967e41646_amd64",
            "8Base-RHODS-2.4:rhods/odh-dashboard-rhel8@sha256:4fb3e19665921164a9e3efbb83da2493af197e9511198bec2ef26be458bbe4af_amd64",
            "8Base-RHODS-2.4:rhods/odh-data-science-pipelines-operator-controller-rhel8@sha256:4f1511effdf68329a092cc8de8879b99e6b412fe5e54dac78c0d1702cbe22615_amd64",
            "8Base-RHODS-2.4:rhods/odh-kf-notebook-controller-rhel8@sha256:18bdde1e5d61663b56fad3135d046ab29d45ddde030059d2332dbe08f33baa22_amd64",
            "8Base-RHODS-2.4:rhods/odh-kuberay-operator-controller-rhel8@sha256:6031c4b0cd16ad69e8ddffa27850797f2fcbed37453dc5eadcfc51fddd4fe16e_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-api-server-rhel8@sha256:e93464874ea15a531ded124b911ef31f8f7eaa4a714e61b793ce4fcc70465dba_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-artifact-manager-rhel8@sha256:3ad91b1853e45873885fdd8dcde094e5c0712a4ea93f2bf30c415c4153710e22_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-cache-rhel8@sha256:d8d6dade3fff4d7312d86226534279638fc981865394a75986bf1a7ff72752f4_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-persistenceagent-rhel8@sha256:e543aaee276a4571c3a06505b0007ae2a435848dd417ee8e47b54481106f119f_amd64",
            "8Base-RHODS-2.4:rhods/odh-ml-pipelines-scheduledworkflow-rhel8@sha256:75a02edd646967593afd87f874bb207b22529af22b9e98be27781007186fe886_amd64",
            "8Base-RHODS-2.4:rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64",
            "8Base-RHODS-2.4:rhods/odh-model-controller-rhel8@sha256:9808224f80f414b8af05cbfb1a6f3a292077d35ac1f403534c505f5bede517c5_amd64",
            "8Base-RHODS-2.4:rhods/odh-modelmesh-rhel8@sha256:d7605432021879d043f95602b77bc99804211e0e240628fd4fb285550df61fbc_amd64",
            "8Base-RHODS-2.4:rhods/odh-modelmesh-runtime-adapter-rhel8@sha256:f99fb510544a7e72137e48f0dca08949159786658ed8a3b3b74cc1d132fd1d35_amd64",
            "8Base-RHODS-2.4:rhods/odh-modelmesh-serving-controller-rhel8@sha256:0f60f7523db4bf6c18bf69984e56ce632ceb1f0b4e868e73ef653b43e5034f75_amd64",
            "8Base-RHODS-2.4:rhods/odh-notebook-controller-rhel8@sha256:19daaa5932e1297efc469eae97f0b7f1fb4b652d44aa828e3d3bcf5e9dfdc9b4_amd64",
            "8Base-RHODS-2.4:rhods/odh-operator-base-rhel8@sha256:e33814ce6b42423bb9a8237c6a4b5f58bbbd9239b8335f3fca85ad86fdc39a37_amd64",
            "8Base-RHODS-2.4:rhods/odh-operator-bundle@sha256:b637a02d23bd8364cc8914421049eb60169c163ac70bff2f33591df1a1193002_amd64",
            "8Base-RHODS-2.4:rhods/odh-rhel8-operator@sha256:00d56a2984ee01fa81cbe838567e448ce8acced37f7ff919e6e50cf951082ef2_amd64",
            "8Base-RHODS-2.4:rhods/odh-trustyai-service-operator-rhel8@sha256:c6a5d496f39aa30dbc90dee4cb81f6e54d1db3c8d388315b78782d631c5746ca_amd64",
            "8Base-RHODS-2.4:rhods/odh-trustyai-service-rhel8@sha256:77d74af5cd5819cee3341505a3d329fbf622ad892df67faa85f4e6a40ccc6322_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHODS-2.4:rhods/odh-mm-rest-proxy-rhel8@sha256:b3c796a289fb12ac59ce60e75a4266045bf071e91a022ba5a9c935f077df602d_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2023-10-10T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)"
    }
  ]
}

cve-2023-44487

Vulnerability from cvelistv5

Published

2023-10-10 00:00

Modified

2024-08-19 07:48

Severity

7.5 (High) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

References

URL	Tags
https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
https://news.ycombinator.com/item?id=37831062
https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
https://github.com/envoyproxy/envoy/pull/30055
https://github.com/haproxy/haproxy/issues/2312
https://github.com/eclipse/jetty.project/issues/10679
https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
https://github.com/nghttp2/nghttp2/pull/1961
https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
https://github.com/alibaba/tengine/issues/1872
https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
https://news.ycombinator.com/item?id=37830987
https://news.ycombinator.com/item?id=37830998
https://github.com/caddyserver/caddy/issues/5877
https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
https://github.com/bcdannyboy/CVE-2023-44487
https://github.com/grpc/grpc-go/pull/6703
https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
https://my.f5.com/manage/s/article/K000137106
https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
https://bugzilla.proxmox.com/show_bug.cgi?id=4988
https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
https://github.com/microsoft/CBL-Mariner/pull/6381
https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
https://github.com/facebook/proxygen/pull/466
https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
https://github.com/micrictor/http2-rst-stream
https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
https://github.com/h2o/h2o/pull/3291
https://github.com/nodejs/node/pull/50121
https://github.com/dotnet/announcements/issues/277
https://github.com/golang/go/issues/63417
https://github.com/advisories/GHSA-vx74-f528-fxqg
https://github.com/apache/trafficserver/pull/10564
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
https://www.openwall.com/lists/oss-security/2023/10/10/6
https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
https://github.com/opensearch-project/data-prepper/issues/3474
https://github.com/kubernetes/kubernetes/pull/121120
https://github.com/oqtane/oqtane.framework/discussions/3367
https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
https://netty.io/news/2023/10/10/4-1-100-Final.html
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
https://news.ycombinator.com/item?id=37837043
https://github.com/kazu-yamamoto/http2/issues/93
https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
https://www.debian.org/security/2023/dsa-5522	vendor-advisory
https://www.debian.org/security/2023/dsa-5521	vendor-advisory
https://access.redhat.com/security/cve/cve-2023-44487
https://github.com/ninenines/cowboy/issues/1615
https://github.com/varnishcache/varnish-cache/issues/3996
https://github.com/tempesta-tech/tempesta/issues/1986
https://blog.vespa.ai/cve-2023-44487/
https://github.com/etcd-io/etcd/issues/16740
https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
https://istio.io/latest/news/security/istio-security-2023-004/
https://github.com/junkurihara/rust-rpxy/issues/97
https://bugzilla.suse.com/show_bug.cgi?id=1216123
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://ubuntu.com/security/CVE-2023-44487
https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
https://github.com/advisories/GHSA-qppj-fm5r-hxr3
https://github.com/apache/httpd-site/pull/10
https://github.com/projectcontour/contour/pull/5826
https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
https://github.com/line/armeria/pull/5232
https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
https://security.paloaltonetworks.com/CVE-2023-44487
https://github.com/akka/akka-http/issues/4323
https://github.com/openresty/openresty/issues/930
https://github.com/apache/apisix/issues/10320
https://github.com/Azure/AKS/issues/3947
https://github.com/Kong/kong/discussions/11741
https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
https://github.com/caddyserver/caddy/releases/tag/v2.7.5
https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/13/4	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/13/9	mailing-list
https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/	vendor-advisory
https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html	mailing-list
https://security.netapp.com/advisory/ntap-20231016-0001/
https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/4	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/18/8	mailing-list
http://www.openwall.com/lists/oss-security/2023/10/19/6	mailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/	vendor-advisory
http://www.openwall.com/lists/oss-security/2023/10/20/8	mailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html	mailing-list
https://www.debian.org/security/2023/dsa-5540	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html	mailing-list
https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html	mailing-list
https://www.debian.org/security/2023/dsa-5549	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/	vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/	vendor-advisory
https://www.debian.org/security/2023/dsa-5558	vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html	mailing-list
https://security.gentoo.org/glsa/202311-09	vendor-advisory
https://www.debian.org/security/2023/dsa-5570	vendor-advisory
https://security.netapp.com/advisory/ntap-20240426-0007/
https://security.netapp.com/advisory/ntap-20240621-0006/
https://security.netapp.com/advisory/ntap-20240621-0007/

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website