Vulnerability-Lookup

RHEA-2021:5066

Vulnerability from csaf_redhat - Published: 2021-12-09 19:19 - Updated: 2026-03-20 01:18

Summary

Red Hat Enhancement Advisory: MTV 2.2.0 Images

Severity

Moderate

Notes

Topic: Updated release packages fix several bugs and add various enhancements.

Details: Migration Toolkit for Virtualization (MTV) 2.2.0

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-3749

A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Vendor Fix Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 https://access.redhat.com/errata/RHEA-2021:5066

CVE-2021-41089

A file permissions vulnerability was found in Moby (Docker Engine). Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, which might lead to permissions escalation and allow an attacker access to restricted data.

5.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

CWE-552 - Files or Directories Accessible to External Parties

References

URL

Category

	https://access.redhat.com/errata/RHEA-2021:5066	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1919636	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1944402	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1951660	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1953253	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1953989	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1957841	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1959229	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1959377	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1965030	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1965328	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1977260	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1981074	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1990596	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1990851	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1993089	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1993140	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1993259	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1994037	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1994042	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1994093	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1994146	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1994467	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1994479	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1994978	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1995075	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1995197	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1996360	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1996587	external
	https://bugzilla.redhat.com/show_bug.cgi?id=1999163	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2011354	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2011785	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2011805	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2012130	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2012564	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2012732	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2012799	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2013687	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2014157	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2014177	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2015063	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2015813	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2015816	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2015940	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2016257	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2016931	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2017370	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2017625	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2018522	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2018939	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2018944	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2019307	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2020014	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2020297	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2021622	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2022651	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2023680	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2024138	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2024506	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2024554	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2025279	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2025526	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2026620	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2026702	external
	https://bugzilla.redhat.com/show_bug.cgi?id=2026804	external
	https://security.access.redhat.com/data/csaf/v2/a…	self
	https://access.redhat.com/security/cve/CVE-2021-3749	self
	https://bugzilla.redhat.com/show_bug.cgi?id=1999784	external
	https://www.cve.org/CVERecord?id=CVE-2021-3749	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-3749	external
	https://github.com/axios/axios/commit/5b457116e31…	external
	https://huntr.dev/bounties/1e8f07fc-c384-4ff9-849…	external
	https://access.redhat.com/security/cve/CVE-2021-41089	self
	https://bugzilla.redhat.com/show_bug.cgi?id=2008592	external
	https://www.cve.org/CVERecord?id=CVE-2021-41089	external
	https://nvd.nist.gov/vuln/detail/CVE-2021-41089	external
	https://github.com/moby/moby/security/advisories/…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated release packages fix several bugs and add various enhancements.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Virtualization (MTV) 2.2.0",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHEA-2021:5066",
        "url": "https://access.redhat.com/errata/RHEA-2021:5066"
      },
      {
        "category": "external",
        "summary": "1919636",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919636"
      },
      {
        "category": "external",
        "summary": "1944402",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944402"
      },
      {
        "category": "external",
        "summary": "1951660",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951660"
      },
      {
        "category": "external",
        "summary": "1953253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953253"
      },
      {
        "category": "external",
        "summary": "1953989",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953989"
      },
      {
        "category": "external",
        "summary": "1957841",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957841"
      },
      {
        "category": "external",
        "summary": "1959229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959229"
      },
      {
        "category": "external",
        "summary": "1959377",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959377"
      },
      {
        "category": "external",
        "summary": "1965030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965030"
      },
      {
        "category": "external",
        "summary": "1965328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965328"
      },
      {
        "category": "external",
        "summary": "1977260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977260"
      },
      {
        "category": "external",
        "summary": "1981074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981074"
      },
      {
        "category": "external",
        "summary": "1990596",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990596"
      },
      {
        "category": "external",
        "summary": "1990851",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990851"
      },
      {
        "category": "external",
        "summary": "1993089",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993089"
      },
      {
        "category": "external",
        "summary": "1993140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993140"
      },
      {
        "category": "external",
        "summary": "1993259",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993259"
      },
      {
        "category": "external",
        "summary": "1994037",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994037"
      },
      {
        "category": "external",
        "summary": "1994042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994042"
      },
      {
        "category": "external",
        "summary": "1994093",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994093"
      },
      {
        "category": "external",
        "summary": "1994146",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994146"
      },
      {
        "category": "external",
        "summary": "1994467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994467"
      },
      {
        "category": "external",
        "summary": "1994479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994479"
      },
      {
        "category": "external",
        "summary": "1994978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994978"
      },
      {
        "category": "external",
        "summary": "1995075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995075"
      },
      {
        "category": "external",
        "summary": "1995197",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995197"
      },
      {
        "category": "external",
        "summary": "1996360",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996360"
      },
      {
        "category": "external",
        "summary": "1996587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996587"
      },
      {
        "category": "external",
        "summary": "1999163",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999163"
      },
      {
        "category": "external",
        "summary": "2011354",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011354"
      },
      {
        "category": "external",
        "summary": "2011785",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011785"
      },
      {
        "category": "external",
        "summary": "2011805",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011805"
      },
      {
        "category": "external",
        "summary": "2012130",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012130"
      },
      {
        "category": "external",
        "summary": "2012564",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012564"
      },
      {
        "category": "external",
        "summary": "2012732",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012732"
      },
      {
        "category": "external",
        "summary": "2012799",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012799"
      },
      {
        "category": "external",
        "summary": "2013687",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013687"
      },
      {
        "category": "external",
        "summary": "2014157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014157"
      },
      {
        "category": "external",
        "summary": "2014177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014177"
      },
      {
        "category": "external",
        "summary": "2015063",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015063"
      },
      {
        "category": "external",
        "summary": "2015813",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015813"
      },
      {
        "category": "external",
        "summary": "2015816",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015816"
      },
      {
        "category": "external",
        "summary": "2015940",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015940"
      },
      {
        "category": "external",
        "summary": "2016257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016257"
      },
      {
        "category": "external",
        "summary": "2016931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016931"
      },
      {
        "category": "external",
        "summary": "2017370",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017370"
      },
      {
        "category": "external",
        "summary": "2017625",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017625"
      },
      {
        "category": "external",
        "summary": "2018522",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018522"
      },
      {
        "category": "external",
        "summary": "2018939",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018939"
      },
      {
        "category": "external",
        "summary": "2018944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018944"
      },
      {
        "category": "external",
        "summary": "2019307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019307"
      },
      {
        "category": "external",
        "summary": "2020014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020014"
      },
      {
        "category": "external",
        "summary": "2020297",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020297"
      },
      {
        "category": "external",
        "summary": "2021622",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021622"
      },
      {
        "category": "external",
        "summary": "2022651",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022651"
      },
      {
        "category": "external",
        "summary": "2023680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023680"
      },
      {
        "category": "external",
        "summary": "2024138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024138"
      },
      {
        "category": "external",
        "summary": "2024506",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024506"
      },
      {
        "category": "external",
        "summary": "2024554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024554"
      },
      {
        "category": "external",
        "summary": "2025279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025279"
      },
      {
        "category": "external",
        "summary": "2025526",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025526"
      },
      {
        "category": "external",
        "summary": "2026620",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026620"
      },
      {
        "category": "external",
        "summary": "2026702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026702"
      },
      {
        "category": "external",
        "summary": "2026804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026804"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhea-2021_5066.json"
      }
    ],
    "title": "Red Hat Enhancement Advisory: MTV 2.2.0 Images",
    "tracking": {
      "current_release_date": "2026-03-20T01:18:16+00:00",
      "generator": {
        "date": "2026-03-20T01:18:16+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHEA-2021:5066",
      "initial_release_date": "2021-12-09T19:19:24+00:00",
      "revision_history": [
        {
          "date": "2021-12-09T19:19:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-09T19:19:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-20T01:18:16+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-MTV-2.2",
                "product": {
                  "name": "8Base-MTV-2.2",
                  "product_id": "8Base-MTV-2.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel8\u0026tag=2.2.0-39"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.2.0-53"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.2.0-57"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.2.0-104"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.2.0-59"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ui-rhel8\u0026tag=2.2.0-60"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel8\u0026tag=2.2.0-36"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel8\u0026tag=2.2.0-18"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3749",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-08-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1999784"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-axios: Regular expression denial of service in trim function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs axios. However, due to the instance being read only and behind OpenShift OAuth, the impact of this vulnerability is Low.\n\n* Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.1 and previous versions does contain a vulnerable version of nodejs axios, RHACM 2.2 on towards are not affected versions. For RHACM 2.1, due to the instance being read only and behind OAuth, the impact of this vulnerability is Low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF\u0027s service-telemetry-operator-container and smart-gateway-operator-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "RHBZ#1999784",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
          "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
          "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
        }
      ],
      "release_date": "2021-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-09T19:19:24+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHEA-2021:5066"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-axios: Regular expression denial of service in trim function"
    },
    {
      "cve": "CVE-2021-41089",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2021-09-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2008592"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A file permissions vulnerability was found in Moby (Docker Engine). Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host\u0027s filesystem, which might lead to permissions escalation and allow an attacker access to restricted data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moby: `docker cp` allows unexpected chmod of host file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), Migration Toolkit for Virtualization (MTV) and Red Hat Quay some components bundle github.com/moby/moby, but successful exploitation requires using a specially crafted container, therefore impact to these components is LOW.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "RHBZ#2008592",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008592"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4",
          "url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"
        }
      ],
      "release_date": "2021-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-09T19:19:24+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHEA-2021:5066"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "moby: `docker cp` allows unexpected chmod of host file"
    }
  ]
}

CVE-2021-3749 (GCVE-0-2021-3749)

Vulnerability from cvelistv5 – Published: 2021-08-31 10:36 – Updated: 2024-08-03 17:09

Title

Inefficient Regular Expression Complexity in axios/axios

Summary

axios is vulnerable to Inefficient Regular Expression Complexity

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1333 - Inefficient Regular Expression Complexity

Assigner

@huntrdev

References

URL

Tags

	https://huntr.dev/bounties/1e8f07fc-c384-4ff9-849…	x_refsource_CONFIRM
	https://github.com/axios/axios/commit/5b457116e31…	x_refsource_MISC
	https://lists.apache.org/thread.html/r7324ecc35b8…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rfc5c478053f…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r216f0fd0a38…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r3ae6d2654f9…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/ra15d63c54dc…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r74d0b359408…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rc263bfc5b53…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r4bf1b32983f…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/r075d464dce9…	mailing-listx_refsource_MLIST
	https://lists.apache.org/thread.html/rfa094029c95…	mailing-listx_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	axios	axios/axios	Affected: unspecified , ≤ 0.21.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios/axios",
          "vendor": "axios",
          "versions": [
            {
              "lessThanOrEqual": "0.21.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "axios is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-13T11:06:31.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        }
      ],
      "source": {
        "advisory": "1e8f07fc-c384-4ff9-8498-0690de2e8c31",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in axios/axios",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3749",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in axios/axios"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "axios/axios",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "0.21.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "axios"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "axios is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
            },
            {
              "name": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
              "refsource": "MISC",
              "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
            }
          ]
        },
        "source": {
          "advisory": "1e8f07fc-c384-4ff9-8498-0690de2e8c31",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3749",
    "datePublished": "2021-08-31T10:36:43.000Z",
    "dateReserved": "2021-08-30T00:00:00.000Z",
    "dateUpdated": "2024-08-03T17:09:08.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-41089 (GCVE-0-2021-41089)

Vulnerability from cvelistv5 – Published: 2021-10-04 20:20 – Updated: 2024-08-04 02:59

Title

`docker cp` allows unexpected chmod of host files

Summary

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

Severity ?

2.8 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

CWE

CWE-281 - Improper Preservation of Permissions

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	moby	moby	Affected: < 20.10.9

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHEA-2021:5066

CVE-2021-3749 (GCVE-0-2021-3749)

CVE-2021-41089 (GCVE-0-2021-41089)

Tags

Sightings

Nomenclature