csaf_redhat - rhea-2021

rhea-2021_5066

Vulnerability from csaf_redhat

Published

2021-12-09 19:19

Modified

2024-09-16 06:13

Summary

Red Hat Enhancement Advisory: MTV 2.2.0 Images

Notes

Topic

Updated release packages fix several bugs and add various enhancements.

Details

Migration Toolkit for Virtualization (MTV) 2.2.0

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated release packages fix several bugs and add various enhancements.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Virtualization (MTV) 2.2.0",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHEA-2021:5066",
        "url": "https://access.redhat.com/errata/RHEA-2021:5066"
      },
      {
        "category": "external",
        "summary": "1919636",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1919636"
      },
      {
        "category": "external",
        "summary": "1944402",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944402"
      },
      {
        "category": "external",
        "summary": "1951660",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1951660"
      },
      {
        "category": "external",
        "summary": "1953253",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953253"
      },
      {
        "category": "external",
        "summary": "1953989",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953989"
      },
      {
        "category": "external",
        "summary": "1957841",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1957841"
      },
      {
        "category": "external",
        "summary": "1959229",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959229"
      },
      {
        "category": "external",
        "summary": "1959377",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959377"
      },
      {
        "category": "external",
        "summary": "1965030",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965030"
      },
      {
        "category": "external",
        "summary": "1965328",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1965328"
      },
      {
        "category": "external",
        "summary": "1977260",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977260"
      },
      {
        "category": "external",
        "summary": "1981074",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981074"
      },
      {
        "category": "external",
        "summary": "1990596",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990596"
      },
      {
        "category": "external",
        "summary": "1990851",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1990851"
      },
      {
        "category": "external",
        "summary": "1993089",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993089"
      },
      {
        "category": "external",
        "summary": "1993140",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993140"
      },
      {
        "category": "external",
        "summary": "1993259",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1993259"
      },
      {
        "category": "external",
        "summary": "1994037",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994037"
      },
      {
        "category": "external",
        "summary": "1994042",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994042"
      },
      {
        "category": "external",
        "summary": "1994093",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994093"
      },
      {
        "category": "external",
        "summary": "1994146",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994146"
      },
      {
        "category": "external",
        "summary": "1994467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994467"
      },
      {
        "category": "external",
        "summary": "1994479",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994479"
      },
      {
        "category": "external",
        "summary": "1994978",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994978"
      },
      {
        "category": "external",
        "summary": "1995075",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995075"
      },
      {
        "category": "external",
        "summary": "1995197",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995197"
      },
      {
        "category": "external",
        "summary": "1996360",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996360"
      },
      {
        "category": "external",
        "summary": "1996587",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1996587"
      },
      {
        "category": "external",
        "summary": "1999163",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999163"
      },
      {
        "category": "external",
        "summary": "2011354",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011354"
      },
      {
        "category": "external",
        "summary": "2011785",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011785"
      },
      {
        "category": "external",
        "summary": "2011805",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011805"
      },
      {
        "category": "external",
        "summary": "2012130",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012130"
      },
      {
        "category": "external",
        "summary": "2012564",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012564"
      },
      {
        "category": "external",
        "summary": "2012732",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012732"
      },
      {
        "category": "external",
        "summary": "2012799",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2012799"
      },
      {
        "category": "external",
        "summary": "2013687",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2013687"
      },
      {
        "category": "external",
        "summary": "2014157",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014157"
      },
      {
        "category": "external",
        "summary": "2014177",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2014177"
      },
      {
        "category": "external",
        "summary": "2015063",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015063"
      },
      {
        "category": "external",
        "summary": "2015813",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015813"
      },
      {
        "category": "external",
        "summary": "2015816",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015816"
      },
      {
        "category": "external",
        "summary": "2015940",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2015940"
      },
      {
        "category": "external",
        "summary": "2016257",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016257"
      },
      {
        "category": "external",
        "summary": "2016931",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016931"
      },
      {
        "category": "external",
        "summary": "2017370",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017370"
      },
      {
        "category": "external",
        "summary": "2017625",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2017625"
      },
      {
        "category": "external",
        "summary": "2018522",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018522"
      },
      {
        "category": "external",
        "summary": "2018939",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018939"
      },
      {
        "category": "external",
        "summary": "2018944",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018944"
      },
      {
        "category": "external",
        "summary": "2019307",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2019307"
      },
      {
        "category": "external",
        "summary": "2020014",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020014"
      },
      {
        "category": "external",
        "summary": "2020297",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2020297"
      },
      {
        "category": "external",
        "summary": "2021622",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2021622"
      },
      {
        "category": "external",
        "summary": "2022651",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2022651"
      },
      {
        "category": "external",
        "summary": "2023680",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2023680"
      },
      {
        "category": "external",
        "summary": "2024138",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024138"
      },
      {
        "category": "external",
        "summary": "2024506",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024506"
      },
      {
        "category": "external",
        "summary": "2024554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024554"
      },
      {
        "category": "external",
        "summary": "2025279",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025279"
      },
      {
        "category": "external",
        "summary": "2025526",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025526"
      },
      {
        "category": "external",
        "summary": "2026620",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026620"
      },
      {
        "category": "external",
        "summary": "2026702",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026702"
      },
      {
        "category": "external",
        "summary": "2026804",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026804"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhea-2021_5066.json"
      }
    ],
    "title": "Red Hat Enhancement Advisory: MTV 2.2.0 Images",
    "tracking": {
      "current_release_date": "2024-09-16T06:13:23+00:00",
      "generator": {
        "date": "2024-09-16T06:13:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHEA-2021:5066",
      "initial_release_date": "2021-12-09T19:19:24+00:00",
      "revision_history": [
        {
          "date": "2021-12-09T19:19:24+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-09T19:19:24+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T06:13:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-MTV-2.2",
                "product": {
                  "name": "8Base-MTV-2.2",
                  "product_id": "8Base-MTV-2.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2.2::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Virtualization"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-controller-rhel8\u0026tag=2.2.0-39"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-api-rhel8\u0026tag=2.2.0-53"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-must-gather-rhel8\u0026tag=2.2.0-57"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-operator-bundle\u0026tag=2.2.0-104"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-rhel8-operator\u0026tag=2.2.0-59"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-ui-rhel8\u0026tag=2.2.0-60"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-validation-rhel8\u0026tag=2.2.0-36"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                "product": {
                  "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                  "product_id": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0?arch=amd64\u0026repository_url=registry.redhat.io/migration-toolkit-virtualization/mtv-virt-v2v-rhel8\u0026tag=2.2.0-18"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64 as a component of 8Base-MTV-2.2",
          "product_id": "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        },
        "product_reference": "migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64",
        "relates_to_product_reference": "8Base-MTV-2.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3749",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-08-31T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1999784"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the nodejs axios. This flaw allows an attacker to provide crafted input to the trim function, which might cause high resources consumption and as a consequence lead to denial of service. The highest threat from this vulnerability is system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-axios: Regular expression denial of service in trim function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* OpenShift Container Platform (OCP) grafana-container does package a vulnerable version of nodejs axios. However, due to the instance being read only and behind OpenShift OAuth, the impact of this vulnerability is Low.\n\n* Red Hat Advanced Cluster Management for Kubernetes (RHACM) 2.1 and previous versions does contain a vulnerable version of nodejs axios, RHACM 2.2 on towards are not affected versions. For RHACM 2.1, due to the instance being read only and behind OAuth, the impact of this vulnerability is Low.\n\n* Because Service Telemetry Framework 1.2 will be retiring soon and the flaw\u0027s impact is lower, no update will be provided at this time for STF\u0027s service-telemetry-operator-container and smart-gateway-operator-container.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "RHBZ#1999784",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1999784"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3749",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3749"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
          "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
          "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
        }
      ],
      "release_date": "2021-08-31T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHEA-2021:5066"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-axios: Regular expression denial of service in trim function"
    },
    {
      "cve": "CVE-2021-41089",
      "cwe": {
        "id": "CWE-552",
        "name": "Files or Directories Accessible to External Parties"
      },
      "discovery_date": "2021-09-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2008592"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A file permissions vulnerability was found in Moby (Docker Engine). Copying files by using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host\u0027s filesystem, which might lead to permissions escalation and allow an attacker access to restricted data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "moby: `docker cp` allows unexpected chmod of host file",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), Migration Toolkit for Virtualization (MTV) and Red Hat Quay some components bundle github.com/moby/moby, but successful exploitation requires using a specially crafted container, therefore impact to these components is LOW.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
        ],
        "known_not_affected": [
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-api-rhel8@sha256:cf63280768f5a5f1c71463e4fc6824e225f5c3041979c37d9c8c6009bb2cc618_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-must-gather-rhel8@sha256:b74533ee63f91871e662d53b8723b0ff9d6cb9669e1d643b2a2079007eb36b1b_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-operator-bundle@sha256:8052eca4ff2643bc7be9cd72e00b18015c9a7abc6421f61a454b418c84342c94_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-rhel8-operator@sha256:d6ff4e314aaf9e32a9250640e1b68e91c6d9c1ed379af2d8294f2595daef5312_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-ui-rhel8@sha256:675034f89ec601cc7755315b42ddda61fa2395397d7c57a270c1d0149058d8f3_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-validation-rhel8@sha256:f4739e4508739b0ecf493aaa7531b8463776499038097b2d19adbc3eb32724af_amd64",
          "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-virt-v2v-rhel8@sha256:1fa55d7af17e5c0d02ca6ea49b12339a8c6fd62d6131c993031cdb0e6cecaec0_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "RHBZ#2008592",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2008592"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-41089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41089"
        },
        {
          "category": "external",
          "summary": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4",
          "url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"
        }
      ],
      "release_date": "2021-10-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\n        https://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHEA-2021:5066"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-MTV-2.2:migration-toolkit-virtualization/mtv-controller-rhel8@sha256:2cce5613b712523a5f5c869cbb70bc7c345abf3082cf0e4bac6bba10c964ac6b_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "moby: `docker cp` allows unexpected chmod of host file"
    }
  ]
}

cve-2021-3749

Vulnerability from cvelistv5

Published

2021-08-31 10:36

Modified

2024-08-03 17:09

Severity

7.5 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Inefficient Regular Expression Complexity in axios/axios

References

URL	Tags
https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31	x_refsource_CONFIRM
https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929	x_refsource_MISC
https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E	mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf	x_refsource_CONFIRM

Impacted products

Vendor	Product
axios	axios/axios

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.302Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "axios/axios",
          "vendor": "axios",
          "versions": [
            {
              "lessThanOrEqual": "0.21.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "axios is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-13T11:06:31",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a%40%3Cdev.druid.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        }
      ],
      "source": {
        "advisory": "1e8f07fc-c384-4ff9-8498-0690de2e8c31",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in axios/axios",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2021-3749",
          "STATE": "PUBLIC",
          "TITLE": "Inefficient Regular Expression Complexity in axios/axios"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "axios/axios",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "0.21.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "axios"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "axios is vulnerable to Inefficient Regular Expression Complexity"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-1333 Inefficient Regular Expression Complexity"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/1e8f07fc-c384-4ff9-8498-0690de2e8c31"
            },
            {
              "name": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929",
              "refsource": "MISC",
              "url": "https://github.com/axios/axios/commit/5b457116e31db0e88fede6c428e969e87f290929"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7324ecc35b8027a51cb6ed629490fcd3b2d7cf01c424746ed5744bf1@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfc5c478053ff808671aef170f3d9fc9d05cc1fab8fb64431edc66103@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211008 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r216f0fd0a3833856d6a6a1fada488cadba45f447d87010024328ccf2@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson closed pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3ae6d2654f92c5851bdb73b35e96b0e4e3da39f28ac7a1b15ae3aab8@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc opened a new pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra15d63c54dc6474b29f72ae4324bcb03038758545b3ab800845de7a1@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [druid] branch master updated: Fix CVE-2021-3749 reported in security vulnerabilities job (#11786)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74d0b359408fff31f87445261f0ee13bdfcac7d66f6b8e846face321@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc263bfc5b53afcb7e849605478d73f5556eb0c00d1f912084e407289@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] jihoonson merged pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4bf1b32983f50be00f9752214c1b53738b621be1c2b0dbd68c7f2391@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-commits] 20211009 [GitHub] [druid] andreacyc commented on pull request #11786: Fix CVE-2021-3749 reported in security vulnerabilities job",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r075d464dce95cd13c03ff9384658edcccd5ab2983b82bfc72b62bb10@%3Ccommits.druid.apache.org%3E"
            },
            {
              "name": "[druid-dev] 20211009 [CRON] Passed: apache/druid#33528 (master - adb2237)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfa094029c959da0f7c8cd7dc9c4e59d21b03457bf0cedf6c93e1bb0a@%3Cdev.druid.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
            }
          ]
        },
        "source": {
          "advisory": "1e8f07fc-c384-4ff9-8498-0690de2e8c31",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3749",
    "datePublished": "2021-08-31T10:36:43",
    "dateReserved": "2021-08-30T00:00:00",
    "dateUpdated": "2024-08-03T17:09:08.302Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-41089

Vulnerability from cvelistv5

Published

2021-10-04 20:20

Modified

2024-08-04 02:59

Severity

2.8 (Low) - cvssV3_1 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Summary

`docker cp` allows unexpected chmod of host files

References

URL	Tags
https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4	x_refsource_CONFIRM
https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/	vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/	vendor-advisory, x_refsource_FEDORA
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf	x_refsource_CONFIRM

Impacted products

Vendor	Product
moby	moby

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:59:31.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a"
          },
          {
            "name": "FEDORA-2021-df975338d4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
          },
          {
            "name": "FEDORA-2021-b5a9a481a2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "moby",
          "vendor": "moby",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 20.10.9"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host\u2019s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-281",
              "description": "CWE-281: Improper Preservation of Permissions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-06-14T10:06:38",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a"
        },
        {
          "name": "FEDORA-2021-df975338d4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
        },
        {
          "name": "FEDORA-2021-b5a9a481a2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
        }
      ],
      "source": {
        "advisory": "GHSA-v994-f8vw-g7j4",
        "discovery": "UNKNOWN"
      },
      "title": "`docker cp` allows unexpected chmod of host files",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41089",
          "STATE": "PUBLIC",
          "TITLE": "`docker cp` allows unexpected chmod of host files"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "moby",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 20.10.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "moby"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host\u2019s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-281: Improper Preservation of Permissions"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4",
              "refsource": "CONFIRM",
              "url": "https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"
            },
            {
              "name": "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a",
              "refsource": "MISC",
              "url": "https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a"
            },
            {
              "name": "FEDORA-2021-df975338d4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/"
            },
            {
              "name": "FEDORA-2021-b5a9a481a2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-v994-f8vw-g7j4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41089",
    "datePublished": "2021-10-04T20:20:15",
    "dateReserved": "2021-09-15T00:00:00",
    "dateUpdated": "2024-08-04T02:59:31.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhea-2021_5066

Vulnerability from csaf_redhat

cve-2021-3749

Vulnerability from cvelistv5

cve-2021-41089

Vulnerability from cvelistv5

Tags