Vulnerability-Lookup

RHSA-2021_1551

Vulnerability from csaf_redhat - Published: 2021-05-19 15:03 - Updated: 2024-11-22 20:13

Summary

Red Hat Security Advisory: OpenShift Container Platform 4.7.11 security and bug fix update

Severity

Moderate

Notes

Topic: Red Hat OpenShift Container Platform release 4.7.11 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2021:1550 Security Fix(es): * golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362) * golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114) * jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163) * jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2020-28362

A flaw was found in the math/big package of Go's standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-295 - Improper Certificate Validation

Affected products

Fixed 26 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix

Known not affected 62 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—

Threats

Impact Moderate

CVE-2021-3114

A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-682 - Incorrect Calculation

Affected products

Fixed 26 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix

Known not affected 62 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—

Threats

Impact Moderate

CVE-2021-21639

A flaw was found in Jenkins. Due to lack of validation of type of object created after loading the data submitted to the config.xml REST API endpoint of a node, an attackers with Computer/Configure permission are able to replace a node with one of a different type.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch		—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src		—	Vendor Fix fix

Known not affected 86 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64		—

Threats

Impact Low

CVE-2021-21640

A flaw was found in Jenkins. Due to lack of validation of the newly created view name, an attackers with View/Create permission are allowed to create views with invalid or already-used names.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-20 - Improper Input Validation

Affected products

Fixed 2 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch		—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src		—	Vendor Fix fix

Known not affected 86 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64		—

Threats

Impact Low

CVE-2021-28163

If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Fixed 15 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix

Known not affected 73 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—

Threats

Impact Moderate

CVE-2021-28165

When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 15 products

Product	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64	—	Vendor Fix fix

Known not affected 73 products

Product	Identifier	Version	Remediation
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64		—
Unresolved product id: 7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch		—
Unresolved product id: 8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch		—

Threats

Impact Moderate

References

35 references

URL	Category
https://access.redhat.com/errata/RHSA-2021:1551	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=1897635	external
https://bugzilla.redhat.com/show_bug.cgi?id=1918750	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945710	external
https://bugzilla.redhat.com/show_bug.cgi?id=1945714	external
https://bugzilla.redhat.com/show_bug.cgi?id=1959660	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2020-28362	self
https://bugzilla.redhat.com/show_bug.cgi?id=1897635	external
https://www.cve.org/CVERecord?id=CVE-2020-28362	external
https://nvd.nist.gov/vuln/detail/CVE-2020-28362	external
https://access.redhat.com/security/cve/CVE-2021-3114	self
https://bugzilla.redhat.com/show_bug.cgi?id=1918750	external
https://www.cve.org/CVERecord?id=CVE-2021-3114	external
https://nvd.nist.gov/vuln/detail/CVE-2021-3114	external
https://groups.google.com/g/golang-announce/c/mpe…	external
https://access.redhat.com/security/cve/CVE-2021-21639	self
https://bugzilla.redhat.com/show_bug.cgi?id=1947102	external
https://www.cve.org/CVERecord?id=CVE-2021-21639	external
https://nvd.nist.gov/vuln/detail/CVE-2021-21639	external
https://access.redhat.com/security/cve/CVE-2021-21640	self
https://bugzilla.redhat.com/show_bug.cgi?id=1947105	external
https://www.cve.org/CVERecord?id=CVE-2021-21640	external
https://nvd.nist.gov/vuln/detail/CVE-2021-21640	external
https://access.redhat.com/security/cve/CVE-2021-28163	self
https://bugzilla.redhat.com/show_bug.cgi?id=1945710	external
https://www.cve.org/CVERecord?id=CVE-2021-28163	external
https://nvd.nist.gov/vuln/detail/CVE-2021-28163	external
https://github.com/eclipse/jetty.project/security…	external
https://access.redhat.com/security/cve/CVE-2021-28165	self
https://bugzilla.redhat.com/show_bug.cgi?id=1945714	external
https://www.cve.org/CVERecord?id=CVE-2021-28165	external
https://nvd.nist.gov/vuln/detail/CVE-2021-28165	external
https://github.com/eclipse/jetty.project/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Container Platform release 4.7.11 is now available with updates to packages and images that fix several bugs.\n\nThis release includes a security update for Red Hat OpenShift Container Platform 4.7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.11. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1550\n\nSecurity Fix(es):\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)\n\n* jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:1551",
        "url": "https://access.redhat.com/errata/RHSA-2021:1551"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1897635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
      },
      {
        "category": "external",
        "summary": "1918750",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
      },
      {
        "category": "external",
        "summary": "1945710",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
      },
      {
        "category": "external",
        "summary": "1945714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
      },
      {
        "category": "external",
        "summary": "1959660",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1959660"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_1551.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Container Platform 4.7.11 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-11-22T20:13:04+00:00",
      "generator": {
        "date": "2024-11-22T20:13:04+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:1551",
      "initial_release_date": "2021-05-19T15:03:37+00:00",
      "revision_history": [
        {
          "date": "2021-05-19T15:03:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-05-19T15:03:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T20:13:04+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.7",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.7",
                  "product_id": "8Base-RHOSE-4.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.7::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Container Platform 4.7",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.7",
                  "product_id": "7Server-RH7-RHOSE-4.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:4.7::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
                "product": {
                  "name": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
                  "product_id": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-ironic@16.0.4-0.20210510131210.6787142.el8?arch=src\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
                "product": {
                  "name": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
                  "product_id": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
                  "product_id": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202105111743.p0.git.39cfc66.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
                "product": {
                  "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
                  "product_id": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
                "product": {
                  "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
                  "product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
                "product": {
                  "name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
                  "product_id": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift@4.7.0-202105111743.p0.git.75370d3.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
                "product": {
                  "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
                  "product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-0:2.277.3.1620393611-1.el8.src",
                "product": {
                  "name": "jenkins-0:2.277.3.1620393611-1.el8.src",
                  "product_id": "jenkins-0:2.277.3.1620393611-1.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@2.277.3.1620393611-1.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.20.0-2.el8.src",
                "product": {
                  "name": "cri-tools-0:1.20.0-2.el8.src",
                  "product_id": "cri-tools-0:1.20.0-2.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
                "product": {
                  "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
                  "product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
                "product": {
                  "name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
                  "product_id": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift@4.7.0-202105111743.p0.git.75370d3.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
                "product": {
                  "name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
                  "product_id": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202105111743.p0.git.e1b19c2.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
                "product": {
                  "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
                  "product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.20.0-2.el7.src",
                "product": {
                  "name": "cri-tools-0:1.20.0-2.el7.src",
                  "product_id": "cri-tools-0:1.20.0-2.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
                "product": {
                  "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
                  "product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el7?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
                "product": {
                  "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
                  "product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                "product": {
                  "name": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                  "product_id": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-ironic-api@16.0.4-0.20210510131210.6787142.el8?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                "product": {
                  "name": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                  "product_id": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-ironic-common@16.0.4-0.20210510131210.6787142.el8?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                "product": {
                  "name": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                  "product_id": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openstack-ironic-conductor@16.0.4-0.20210510131210.6787142.el8?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                "product": {
                  "name": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                  "product_id": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-ironic-tests@16.0.4-0.20210510131210.6787142.el8?arch=noarch\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                  "product_id": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-cni@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                  "product_id": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-common@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                "product": {
                  "name": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                  "product_id": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-kuryr-controller@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                "product": {
                  "name": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                  "product_id": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/python3-kuryr-kubernetes@4.7.0-202105111743.p0.git.36c2cdd.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "jenkins-0:2.277.3.1620393611-1.el8.noarch",
                "product": {
                  "name": "jenkins-0:2.277.3.1620393611-1.el8.noarch",
                  "product_id": "jenkins-0:2.277.3.1620393611-1.el8.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/jenkins@2.277.3.1620393611-1.el8?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
                "product": {
                  "name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
                  "product_id": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible@4.7.0-202105111743.p0.git.e1b19c2.el7?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
                "product": {
                  "name": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
                  "product_id": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-ansible-test@4.7.0-202105111743.p0.git.e1b19c2.el7?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
                  "product_id": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202105111743.p0.git.39cfc66.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                "product": {
                  "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_id": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                "product": {
                  "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_id": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                "product": {
                  "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_id": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                "product": {
                  "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_id": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                "product": {
                  "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_id": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
                "product": {
                  "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
                  "product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
                "product": {
                  "name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
                  "product_id": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202105111743.p0.git.95881af.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
                "product": {
                  "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
                  "product_id": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202105111743.p0.git.75370d3.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                "product": {
                  "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                  "product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                "product": {
                  "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                  "product_id": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.2-11.rhaos4.7.git704b03d.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                "product": {
                  "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                  "product_id": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.2-11.rhaos4.7.git704b03d.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.20.0-2.el8.x86_64",
                "product": {
                  "name": "cri-tools-0:1.20.0-2.el8.x86_64",
                  "product_id": "cri-tools-0:1.20.0-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
                "product": {
                  "name": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
                  "product_id": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.20.0-2.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
                  "product_id": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.20.0-2.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                "product": {
                  "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                  "product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                  "product_id": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                  "product_id": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
                "product": {
                  "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
                  "product_id": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202105111743.p0.git.75370d3.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
                "product": {
                  "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
                  "product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
                "product": {
                  "name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
                  "product_id": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients-redistributable@4.7.0-202105111743.p0.git.95881af.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.20.0-2.el7.x86_64",
                "product": {
                  "name": "cri-tools-0:1.20.0-2.el7.x86_64",
                  "product_id": "cri-tools-0:1.20.0-2.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
                  "product_id": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.20.0-2.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
                "product": {
                  "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
                  "product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
                "product": {
                  "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
                  "product_id": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.2-11.rhaos4.7.git704b03d.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
                "product": {
                  "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
                  "product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
                  "product_id": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-95.rhaos4.8.gitcd80260.el7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
                  "product_id": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202105111743.p0.git.39cfc66.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                "product": {
                  "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_id": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                "product": {
                  "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_id": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                "product": {
                  "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_id": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                "product": {
                  "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_id": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                "product": {
                  "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_id": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
                "product": {
                  "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
                  "product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
                "product": {
                  "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
                  "product_id": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202105111743.p0.git.75370d3.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                "product": {
                  "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                  "product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                "product": {
                  "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                  "product_id": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.2-11.rhaos4.7.git704b03d.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                "product": {
                  "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                  "product_id": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.2-11.rhaos4.7.git704b03d.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.20.0-2.el8.ppc64le",
                "product": {
                  "name": "cri-tools-0:1.20.0-2.el8.ppc64le",
                  "product_id": "cri-tools-0:1.20.0-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
                "product": {
                  "name": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
                  "product_id": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.20.0-2.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
                  "product_id": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.20.0-2.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                "product": {
                  "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                  "product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                  "product_id": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                  "product_id": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
                "product": {
                  "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
                  "product_id": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@4.7.0-202105111743.p0.git.39cfc66.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                "product": {
                  "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_id": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                "product": {
                  "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_id": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-validate@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                "product": {
                  "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_id": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-debugsource@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                "product": {
                  "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_id": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                "product": {
                  "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_id": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/ignition-validate-debuginfo@2.9.0-3.rhaos4.7.git1d56dc8.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
                "product": {
                  "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
                  "product_id": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-clients@4.7.0-202105111743.p0.git.95881af.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
                "product": {
                  "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
                  "product_id": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/openshift-hyperkube@4.7.0-202105111743.p0.git.75370d3.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                "product": {
                  "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                  "product_id": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o@1.20.2-11.rhaos4.7.git704b03d.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                "product": {
                  "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                  "product_id": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debugsource@1.20.2-11.rhaos4.7.git704b03d.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                "product": {
                  "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                  "product_id": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-o-debuginfo@1.20.2-11.rhaos4.7.git704b03d.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-0:1.20.0-2.el8.s390x",
                "product": {
                  "name": "cri-tools-0:1.20.0-2.el8.s390x",
                  "product_id": "cri-tools-0:1.20.0-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools@1.20.0-2.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debugsource-0:1.20.0-2.el8.s390x",
                "product": {
                  "name": "cri-tools-debugsource-0:1.20.0-2.el8.s390x",
                  "product_id": "cri-tools-debugsource-0:1.20.0-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debugsource@1.20.0-2.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
                "product": {
                  "name": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
                  "product_id": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/cri-tools-debuginfo@1.20.0-2.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                "product": {
                  "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                  "product_id": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                "product": {
                  "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                  "product_id": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debugsource@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                "product": {
                  "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                  "product_id": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/runc-debuginfo@1.0.0-95.rhaos4.8.gitcd80260.el8?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src"
        },
        "product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64"
        },
        "product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64"
        },
        "product_reference": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.20.0-2.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src"
        },
        "product_reference": "cri-tools-0:1.20.0-2.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.20.0-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64"
        },
        "product_reference": "cri-tools-0:1.20.0-2.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64"
        },
        "product_reference": "cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src"
        },
        "product_reference": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch"
        },
        "product_reference": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src"
        },
        "product_reference": "openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch"
        },
        "product_reference": "openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src"
        },
        "product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64"
        },
        "product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64"
        },
        "product_reference": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64"
        },
        "product_reference": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src"
        },
        "product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64"
        },
        "product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
        "relates_to_product_reference": "7Server-RH7-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64"
        },
        "product_reference": "atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le"
        },
        "product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x"
        },
        "product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src"
        },
        "product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64"
        },
        "product_reference": "cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le"
        },
        "product_reference": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x"
        },
        "product_reference": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64"
        },
        "product_reference": "cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le"
        },
        "product_reference": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x"
        },
        "product_reference": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64"
        },
        "product_reference": "cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.20.0-2.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le"
        },
        "product_reference": "cri-tools-0:1.20.0-2.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.20.0-2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x"
        },
        "product_reference": "cri-tools-0:1.20.0-2.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.20.0-2.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src"
        },
        "product_reference": "cri-tools-0:1.20.0-2.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-0:1.20.0-2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64"
        },
        "product_reference": "cri-tools-0:1.20.0-2.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le"
        },
        "product_reference": "cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x"
        },
        "product_reference": "cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64"
        },
        "product_reference": "cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le"
        },
        "product_reference": "cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debugsource-0:1.20.0-2.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x"
        },
        "product_reference": "cri-tools-debugsource-0:1.20.0-2.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64"
        },
        "product_reference": "cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
        },
        "product_reference": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
        },
        "product_reference": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src"
        },
        "product_reference": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
        },
        "product_reference": "ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
        },
        "product_reference": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
        },
        "product_reference": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
        },
        "product_reference": "ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
        },
        "product_reference": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
        },
        "product_reference": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
        },
        "product_reference": "ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
        },
        "product_reference": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
        },
        "product_reference": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
        },
        "product_reference": "ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le"
        },
        "product_reference": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x"
        },
        "product_reference": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64"
        },
        "product_reference": "ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:2.277.3.1620393611-1.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch"
        },
        "product_reference": "jenkins-0:2.277.3.1620393611-1.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "jenkins-0:2.277.3.1620393611-1.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
        },
        "product_reference": "jenkins-0:2.277.3.1620393611-1.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src"
        },
        "product_reference": "openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le"
        },
        "product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x"
        },
        "product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src"
        },
        "product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64"
        },
        "product_reference": "openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64"
        },
        "product_reference": "openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le"
        },
        "product_reference": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x"
        },
        "product_reference": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64"
        },
        "product_reference": "openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src"
        },
        "product_reference": "openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
        },
        "product_reference": "openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
        },
        "product_reference": "openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
        },
        "product_reference": "openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src"
        },
        "product_reference": "openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch"
        },
        "product_reference": "openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch"
        },
        "product_reference": "openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch"
        },
        "product_reference": "openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch"
        },
        "product_reference": "python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
        },
        "product_reference": "python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le"
        },
        "product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x"
        },
        "product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src"
        },
        "product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        },
        "product_reference": "runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        },
        "product_reference": "runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le"
        },
        "product_reference": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x"
        },
        "product_reference": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64 as a component of Red Hat OpenShift Container Platform 4.7",
          "product_id": "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        },
        "product_reference": "runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
        "relates_to_product_reference": "8Base-RHOSE-4.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28362",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2020-11-12T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
            "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
            "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
            "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1897635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: math/big: panic during recursive division of very large numbers",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
          "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
          "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
          "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28362"
        },
        {
          "category": "external",
          "summary": "RHBZ#1897635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28362"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362"
        }
      ],
      "release_date": "2020-11-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T15:03:37+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1551"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: math/big: panic during recursive division of very large numbers"
    },
    {
      "cve": "CVE-2021-3114",
      "cwe": {
        "id": "CWE-682",
        "name": "Incorrect Calculation"
      },
      "discovery_date": "2021-01-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
            "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
            "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
            "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1918750"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: crypto/elliptic: incorrect operations on the P-224 curve",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
          "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
          "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
          "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3114"
        },
        {
          "category": "external",
          "summary": "RHBZ#1918750",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
          "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
        }
      ],
      "release_date": "2021-01-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T15:03:37+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1551"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "golang: crypto/elliptic: incorrect operations on the P-224 curve"
    },
    {
      "cve": "CVE-2021-21639",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-04-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
            "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
            "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1947102"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jenkins. Due to lack of validation of type of object created after loading the data submitted to the config.xml REST API endpoint of a node, an attackers with Computer/Configure permission are able to replace a node with one of a different type.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: lack of type validation in agent related REST API",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
          "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
          "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21639"
        },
        {
          "category": "external",
          "summary": "RHBZ#1947102",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947102"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21639",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21639"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21639",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21639"
        }
      ],
      "release_date": "2021-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T15:03:37+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1551"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jenkins: lack of type validation in agent related REST API"
    },
    {
      "cve": "CVE-2021-21640",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-04-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
            "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
            "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1947105"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Jenkins. Due to lack of validation of the newly created view name, an attackers with View/Create permission are allowed to create views with invalid or already-used names.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jenkins: view name validation bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
          "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
          "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21640"
        },
        {
          "category": "external",
          "summary": "RHBZ#1947105",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947105"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-21640",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-21640"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-21640",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21640"
        }
      ],
      "release_date": "2021-04-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T15:03:37+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1551"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jenkins: view name validation bypass"
    },
    {
      "cve": "CVE-2021-28163",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
            "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
            "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945710"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "If the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink the contents of the ${jetty.base}/webapps directory may be deployed as a static web application, exposing the content of the directory for download. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Symlink directory exposes webapp directory contents",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.\n\nRed Hat CodeReady Studio 12 is not affected by this vulnerability because it does not ship a vulnerable version of jetty.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
          "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
          "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-28163"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945710",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945710"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28163",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28163"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28163"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
        }
      ],
      "release_date": "2021-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T15:03:37+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1551"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: Symlink directory exposes webapp directory contents"
    },
    {
      "cve": "CVE-2021-28165",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-04-01T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
            "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
            "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
            "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
            "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
            "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
            "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
            "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
            "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
            "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
            "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
            "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
            "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
            "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
            "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
            "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1945714"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "When using SSL/TLS with Jetty, either with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing high CPU resources utilization. The highest threat from this vulnerability is to service availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jetty: Resource exhaustion when receiving an invalid large TLS frame",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jetty.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated\n\nRed Hat OpenStack Platform\u0027s OpenDaylight will not be updated for this flaw because it was deprecated as of OpenStack Platform 14 and is only receiving security fixes for Important and Critical flaws.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
          "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
          "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
          "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
          "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
        ],
        "known_not_affected": [
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.src",
          "7Server-RH7-RHOSE-4.7:cri-tools-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-0:4.7.0-202105111743.p0.git.e1b19c2.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-ansible-test-0:4.7.0-202105111743.p0.git.e1b19c2.el7.noarch",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.src",
          "7Server-RH7-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el7.x86_64",
          "7Server-RH7-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el7.x86_64",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.ppc64le",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.s390x",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.src",
          "8Base-RHOSE-4.7:atomic-openshift-service-idler-0:4.7.0-202105111743.p0.git.39cfc66.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.src",
          "8Base-RHOSE-4.7:cri-o-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debuginfo-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.s390x",
          "8Base-RHOSE-4.7:cri-o-debugsource-0:1.20.2-11.rhaos4.7.git704b03d.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.src",
          "8Base-RHOSE-4.7:cri-tools-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debuginfo-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.ppc64le",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.s390x",
          "8Base-RHOSE-4.7:cri-tools-debugsource-0:1.20.0-2.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.src",
          "8Base-RHOSE-4.7:ignition-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-debugsource-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.ppc64le",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.s390x",
          "8Base-RHOSE-4.7:ignition-validate-debuginfo-0:2.9.0-3.rhaos4.7.git1d56dc8.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-0:4.7.0-202105111743.p0.git.75370d3.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.s390x",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.src",
          "8Base-RHOSE-4.7:openshift-clients-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-clients-redistributable-0:4.7.0-202105111743.p0.git.95881af.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.ppc64le",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.s390x",
          "8Base-RHOSE-4.7:openshift-hyperkube-0:4.7.0-202105111743.p0.git.75370d3.el8.x86_64",
          "8Base-RHOSE-4.7:openshift-kuryr-0:4.7.0-202105111743.p0.git.36c2cdd.el8.src",
          "8Base-RHOSE-4.7:openshift-kuryr-cni-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-common-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openshift-kuryr-controller-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-1:16.0.4-0.20210510131210.6787142.el8.src",
          "8Base-RHOSE-4.7:openstack-ironic-api-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-common-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:openstack-ironic-conductor-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-ironic-tests-1:16.0.4-0.20210510131210.6787142.el8.noarch",
          "8Base-RHOSE-4.7:python3-kuryr-kubernetes-0:4.7.0-202105111743.p0.git.36c2cdd.el8.noarch"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-28165"
        },
        {
          "category": "external",
          "summary": "RHBZ#1945714",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1945714"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-28165",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-28165"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28165"
        },
        {
          "category": "external",
          "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
        }
      ],
      "release_date": "2021-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-05-19T15:03:37+00:00",
          "details": "For OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html",
          "product_ids": [
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:1551"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.src",
            "7Server-RH7-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "7Server-RH7-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el7.x86_64",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.noarch",
            "8Base-RHOSE-4.7:jenkins-0:2.277.3.1620393611-1.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.src",
            "8Base-RHOSE-4.7:runc-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debuginfo-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.ppc64le",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.s390x",
            "8Base-RHOSE-4.7:runc-debugsource-0:1.0.0-95.rhaos4.8.gitcd80260.el8.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jetty: Resource exhaustion when receiving an invalid large TLS frame"
    }
  ]
}

CVE-2020-28362 (GCVE-0-2020-28362)

Vulnerability from cvelistv5 – Published: 2020-11-18 16:27 – Updated: 2024-08-04 16:33

Summary

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

6 references

URL	Tags
https://lists.apache.org/thread.html/rd02e75766cd…	mailing-listx_refsource_MLIST
https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://security.netapp.com/advisory/ntap-2020120…	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.arista.com/en/support/advisories-noti…	x_refsource_MISC

Date Public ?

2020-11-12 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:33:59.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
          },
          {
            "name": "FEDORA-2020-864922e78a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
          },
          {
            "name": "FEDORA-2020-e971480183",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-11-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-11-05T09:58:49.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd%40%3Cissues.trafficcontrol.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
        },
        {
          "name": "FEDORA-2020-864922e78a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
        },
        {
          "name": "FEDORA-2020-e971480183",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-28362",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[trafficcontrol-issues] 20201112 [GitHub] [trafficcontrol] zrhoffman opened a new pull request #5278: Update Go version to 1.15.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd02e75766cd333a0df417588460f5e4477060633000bfe94955851fd@%3Cissues.trafficcontrol.apache.org%3E"
            },
            {
              "name": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/g/golang-nuts/c/c-ssaaS7RMI"
            },
            {
              "name": "FEDORA-2020-864922e78a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F3ZSHGNTJWCWYAKY5OLZS2XQQYHSXSUO/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201202-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201202-0004/"
            },
            {
              "name": "FEDORA-2020-e971480183",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2W4COUPL3YVTZ6RTEIT6LPBDJUFF3VSP/"
            },
            {
              "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62",
              "refsource": "MISC",
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12166-security-advisory-62"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-28362",
    "datePublished": "2020-11-18T16:27:38.000Z",
    "dateReserved": "2020-11-09T00:00:00.000Z",
    "dateUpdated": "2024-08-04T16:33:59.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-21639 (GCVE-0-2021-21639)

Vulnerability from cvelistv5 – Published: 2021-04-07 13:50 – Updated: 2024-08-03 18:16

Summary

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type.

Severity ?

No CVSS data available.

Assigner

jenkins

References

2 references

URL	Tags
https://www.jenkins.io/security/advisory/2021-04-…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2021/04/07/2	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
Jenkins project	Jenkins	Affected: unspecified , ≤ 2.286 (custom) Affected: unspecified , ≤ LTS 2.277.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:16:23.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721"
          },
          {
            "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "2.286",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "LTS 2.277.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T15:51:02.485Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721"
        },
        {
          "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2021-21639",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.286"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "LTS 2.277.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not validate the type of object created after loading the data submitted to the `config.xml` REST API endpoint of a node, allowing attackers with Computer/Configure permission to replace a node with one of a different type."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20: Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721",
              "refsource": "CONFIRM",
              "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1721"
            },
            {
              "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2021-21639",
    "datePublished": "2021-04-07T13:50:13.000Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:16:23.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-21640 (GCVE-0-2021-21640)

Vulnerability from cvelistv5 – Published: 2021-04-07 13:50 – Updated: 2024-08-03 18:16

Summary

Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names.

Severity ?

No CVSS data available.

Assigner

jenkins

References

2 references

URL	Tags
https://www.jenkins.io/security/advisory/2021-04-…	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2021/04/07/2	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
Jenkins project	Jenkins	Affected: unspecified , ≤ 2.286 (custom) Affected: unspecified , ≤ LTS 2.277.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:16:23.813Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871"
          },
          {
            "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Jenkins",
          "vendor": "Jenkins project",
          "versions": [
            {
              "lessThanOrEqual": "2.286",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "LTS 2.277.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-24T15:51:03.643Z",
        "orgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
        "shortName": "jenkins"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871"
        },
        {
          "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "jenkinsci-cert@googlegroups.com",
          "ID": "CVE-2021-21640",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Jenkins",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_value": "2.286"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "LTS 2.277.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Jenkins project"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Jenkins 2.286 and earlier, LTS 2.277.1 and earlier does not properly check that a newly created view has an allowed name, allowing attackers with View/Create permission to create views with invalid or already-used names."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-240: Improper Handling of Inconsistent Structural Elements"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871",
              "refsource": "CONFIRM",
              "url": "https://www.jenkins.io/security/advisory/2021-04-07/#SECURITY-1871"
            },
            {
              "name": "[oss-security] 20210407 Multiple vulnerabilities in Jenkins and Jenkins plugins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/04/07/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "39769cd5-e6e2-4dc8-927e-97b3aa056f5b",
    "assignerShortName": "jenkins",
    "cveId": "CVE-2021-21640",
    "datePublished": "2021-04-07T13:50:14.000Z",
    "dateReserved": "2021-01-04T00:00:00.000Z",
    "dateUpdated": "2024-08-03T18:16:23.813Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-28163 (GCVE-0-2021-28163)

Vulnerability from cvelistv5 – Published: 2021-04-01 14:20 – Updated: 2024-08-03 21:40

Summary

In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory.

Severity ?

2.7 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-200

Assigner

eclipse

References

26 references

URL	Tags
https://github.com/eclipse/jetty.project/security…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/r780c3c210a0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5b3693da7ec…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd7c8fb305a8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0841b06b483…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r787e47297a6…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6ac9e263129…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4a66bfbf622…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4b1fef117bc…	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.apache.org/thread.html/r111f1ce28b1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2ea2f054112…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9974f647238…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbc075a4ac85…	mailing-listx_refsource_MLIST
https://security.netapp.com/advisory/ntap-2021061…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/rd0471252aeb…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf36f1114e84…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rddbb4f8d5db…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r67c4f90658f…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://lists.apache.org/thread.html/r8a1a332899a…	x_refsource_MISC
https://lists.apache.org/thread.html/rbefa055282d…	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
The Eclipse Foundation	Eclipse Jetty	Affected: 9.4.32 , < unspecified (custom) Affected: unspecified , ≤ 9.4.38 (custom) Affected: 10.0.0.beta2 , < unspecified (custom) Affected: unspecified , ≤ 10.0.1 (custom) Affected: 11.0.0.beta2 , < unspecified (custom) Affected: unspecified , ≤ 11.0.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:40:12.280Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
          },
          {
            "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
          },
          {
            "name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
          },
          {
            "name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
          },
          {
            "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
          },
          {
            "name": "FEDORA-2021-444e38face",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/"
          },
          {
            "name": "FEDORA-2021-35f06984d7",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/"
          },
          {
            "name": "FEDORA-2021-fd66b2bd53",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/"
          },
          {
            "name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
          },
          {
            "name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.4.32",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.4.38",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "10.0.0.beta2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "11.0.0.beta2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "11.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:54:15.000Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
        },
        {
          "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
        },
        {
          "name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
        },
        {
          "name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
        },
        {
          "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
        },
        {
          "name": "FEDORA-2021-444e38face",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/"
        },
        {
          "name": "FEDORA-2021-35f06984d7",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/"
        },
        {
          "name": "FEDORA-2021-fd66b2bd53",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/"
        },
        {
          "name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
        },
        {
          "name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2021-28163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.4.32"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.4.38"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "10.0.0.beta2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "10.0.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "11.0.0.beta2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "11.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Jetty 9.4.32 to 9.4.38, 10.0.0.beta2 to 10.0.1, and 11.0.0.beta2 to 11.0.1, if a user uses a webapps directory that is a symlink, the contents of the webapps directory is deployed as a static webapp, inadvertently serving the webapps themselves and anything else that might be in that directory."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 2.7,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq",
              "refsource": "CONFIRM",
              "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-j6qj-j888-vvgq"
            },
            {
              "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E"
            },
            {
              "name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210414 [jira] [Created] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r787e47297a614b05b99d01b04c8a1d6c0cafb480c9cb7c624a6b8fc3@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E"
            },
            {
              "name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E"
            },
            {
              "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E"
            },
            {
              "name": "FEDORA-2021-444e38face",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HAAKW7S66TECXGJZWB3ZFGOQAK34IYHF/"
            },
            {
              "name": "FEDORA-2021-35f06984d7",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5CXQIJVYU4R3JL6LSPXQ5GIV7WLLA7PI/"
            },
            {
              "name": "FEDORA-2021-fd66b2bd53",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GGNKXBNRRCZTGGXPIX3VBWCF2SAM3DWS/"
            },
            {
              "name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210611-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
            },
            {
              "name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , - Upgrade jetty to 9.4.42",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf36f1114e84a3379b20587063686148e2d5a39abc0b8a66ff2a9087a@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, - Upgrade jetty to 9.4.42",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rddbb4f8d5db23265bb63d14ef4b3723b438abc1589f877db11d35450@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210928 [jira] [Updated] (ZOOKEEPER-4390) CVE-2021-28169 , CVE-2021-28163, CVE-2021-34428- Upgrade jetty to 9.4.42",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r67c4f90658fde875521c949448c54c98517beecdc7f618f902c620ec@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r8a1a332899a1f92c8118b0895b144b27a78e3f25b9d58a34dd5eb084@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/rbefa055282d52d6b58d29a79fbb0be65ab0a38d25f00bd29eaf5e6fd@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2021-28163",
    "datePublished": "2021-04-01T14:20:13.000Z",
    "dateReserved": "2021-03-12T00:00:00.000Z",
    "dateUpdated": "2024-08-03T21:40:12.280Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-28165 (GCVE-0-2021-28165)

Vulnerability from cvelistv5 – Published: 2021-04-01 14:20 – Updated: 2025-08-27 20:37

Summary

In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Assigner

eclipse

References

107 references

URL	Tags
https://github.com/eclipse/jetty.project/security…	x_refsource_CONFIRM
https://lists.apache.org/thread.html/r17e26cf9a1e…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5f172f2dd8f…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra210e38ae0b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re577736ca7d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbcd7b477df5…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9db72e9c33b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re6614b4fe7d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r56e5568ac73…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra21b3e6bd96…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbba0b02a328…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf99f9a25ca2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdf4fe435891…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb11a13e6232…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7bf7004c18c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra9dd15ba8a4…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r002258611ed…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0a241b0649b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc907ed7b089…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r33eb3889ca0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4abbd760d24…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ra50519652b0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdbf2a2cd180…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbab9e67ec97…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0f02034a330…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r03ca0b69db1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r83453ec252a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5d1f16dca2e…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r940f15db77a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7c40fb3a66a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r942f4a903d0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf6de4c249bd…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb8f5a6ded38…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re3a1617d16a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2f2d9c3b7cc…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0cd1a5e3f4a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdfe5f1c071b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9b793db9f39…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9fae5a4087d…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r769155244ca…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfd3ff6e66b6…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb66ed0b4bb7…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc6c43c3180c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r31f591a0dea…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rae8bbc5a516…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbd9a837a18c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/raea6e820644…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb1624b9777a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/ree1895a256a…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd6c1eb9a8a9…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb2d34abb67c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rb00345f6b16…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r05db8e0ef01…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r71031d0acb1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r06d54a297cb…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdde34d53aa8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r411d75dc6bc…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2afc72af069…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0a4797ba6ce…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r23785214d47…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf1b02dfccd2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r47a7542ab61…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r72bf813ed47…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r746434be6ab…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6ce2907b269…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd24d8a05923…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7189bf41cb0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4891d45625c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/re0545ecced2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r520c56519b8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfc9f51b4e21…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r65daad30d13…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6535b2beddf…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc4779abc1cf…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rcdea97f4d32…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r90327f55db8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r780c3c210a0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0bf3aa065ab…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r077b76cafb6…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd755dfe5f65…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r5b3693da7ec…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6f256a1d155…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd7c8fb305a8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc4dbc9907b0…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r694e57d74fc…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rd9ea411a589…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6b070441871…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r81748d56923…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r0841b06b483…	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/04/20/3	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r6ac9e263129…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4a66bfbf622…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r4b1fef117bc…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r111f1ce28b1…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r401b1c592f2…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r64ff94118f6…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r2ea2f054112…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9974f647238…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rbc075a4ac85…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r40136c2010f…	mailing-listx_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-2021061…	x_refsource_CONFIRM
https://www.debian.org/security/2021/dsa-4949	vendor-advisoryx_refsource_DEBIAN
https://lists.apache.org/thread.html/rd0471252aeb…	mailing-listx_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
The Eclipse Foundation	Eclipse Jetty	Affected: 7.2.2 , < unspecified (custom) Affected: unspecified , ≤ 9.4.38 (custom) Affected: 10.0.0.alpha0 , < unspecified (custom) Affected: unspecified , ≤ 10.0.1 (custom) Affected: 11.0.0.alpha0 , < unspecified (custom) Affected: unspecified , ≤ 11.0.1 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:40:12.085Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
          },
          {
            "name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b%40%3Cdev.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424%40%3Cissues.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78%40%3Ccommits.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97%40%3Ccommits.spark.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165 (#49)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1%40%3Ccommits.hbase.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210420 Vulnerability in Jenkins",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/04/20/3"
          },
          {
            "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
          },
          {
            "name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
          },
          {
            "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7%40%3Creviews.spark.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
          },
          {
            "name": "DSA-4949",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4949"
          },
          {
            "name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-28165",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-27T20:37:21.074048Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-755",
                "description": "CWE-755 Improper Handling of Exceptional Conditions",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-27T20:37:23.768Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "7.2.2",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.4.38",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "10.0.0.alpha0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "11.0.0.alpha0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "11.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-551",
              "description": "CWE-551",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:54:20.000Z",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
        },
        {
          "name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b%40%3Cdev.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424%40%3Cissues.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78%40%3Ccommits.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97%40%3Ccommits.spark.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165 (#49)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1%40%3Ccommits.hbase.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b%40%3Cissues.ignite.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e%40%3Cdev.ignite.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210420 Vulnerability in Jenkins",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/04/20/3"
        },
        {
          "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd%40%3Cissues.ignite.apache.org%3E"
        },
        {
          "name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f%40%3Cissues.ignite.apache.org%3E"
        },
        {
          "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46%40%3Cissues.ignite.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7%40%3Creviews.spark.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f%40%3Cissues.solr.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
        },
        {
          "name": "DSA-4949",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4949"
        },
        {
          "name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c%40%3Cissues.solr.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2021-28165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "7.2.2"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.4.38"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "10.0.0.alpha0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "10.0.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "11.0.0.alpha0"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "11.0.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 7.5,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-551"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w",
              "refsource": "CONFIRM",
              "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-26vr-8j45-3r4w"
            },
            {
              "name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r17e26cf9a1e3cbc09522d15ece5d7c7a00cdced7641b92a22a783287@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5f172f2dd8fb02f032ef4437218fd4f610605a3dd4f2a024c1e43b94@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra210e38ae0bf615084390b26ba01bb5d66c0a76f232277446ae0948a@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210407 [jira] [Updated] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.38 CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re577736ca7da51952c910b345a500b7676ea9931c9b19709b87f292b@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbcd7b477df55857bb6cae21fcc4404683ac98aac1a47551f0dc55486@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9db72e9c33b93eba45a214af588f1d553839b5c3080fc913854a49ab@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4277) dependency-check:check failing - jetty-server-9.4.39 CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re6614b4fe7dbb945409daadb9e1cc73c02383df68bf9334736107a6e@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20210407 Re: [VOTE] Apache ZooKeeper release 3.6.3 candidate 1",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r56e5568ac73daedcb3b5affbb4b908999f03d3c1b1ada3920b01e959@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar opened a new pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra21b3e6bd9669377139fe33fb46edf6fece3f31375bc42a0dcc964b2@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] nkalmar edited a comment on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbba0b02a3287e34af328070dd58f7828612f96e2e64992137f4dc63d@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf99f9a25ca24fe519c9346388f61b5b3a09be31b800bf37f01473ad7@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdf4fe435891e8c35e70ea5da033b4c3da78760f15a8c4212fad89d9f@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad closed pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb11a13e623218c70b9f2a2d0d122fdaaf905e04a2edcd23761894464@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7bf7004c18c914fae3d5a6a0191d477e5b6408d95669b3afbf6efa36@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] asfgit closed pull request #1675: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra9dd15ba8a4fb7e42c7fe948a6d6b3868fd6bbf8e3fb37fcf33b2cd0@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210407 [GitHub] [zookeeper] arshadmohammad commented on pull request #1676: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r002258611ed0c35b82b839d284b43db9dcdec120db8afc1c993137dc@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0a241b0649beef90d422b42a26a2470d336e59e66970eafd54f9c3e2@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210407 [zookeeper] branch branch-3.6.3 updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc907ed7b089828364437de5ed57fa062330970dc1bc5cd214b711f77@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210407 [zookeeper] branch master updated: ZOOKEEPER-4277: update jetty to 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r33eb3889ca0aa12720355e64fc2f8f1e8c0c28a4d55b3b4b8891becb@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[hbase-dev] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4abbd760d24bab2b8f1294c5c9216ae915100099c4391ad64e9ae38b@%3Cdev.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] apurtell opened a new pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra50519652b0b7f869a14fbfb4be9758a29171d7fe561bb7e036e8449@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210407 [GitHub] [hbase-thirdparty] Apache-HBase commented on pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdbf2a2cd1800540ae50dd78b57411229223a6172117d62b8e57596aa@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210407 [jira] [Created] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbab9e67ec97591d063905bc7d4743e6a673f1bc457975fc0445ac97f@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210407 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0f02034a33076fd7243cf3a8807d2766e373f5cb2e7fd0c9a78f97c4@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[spark-issues] 20210408 [jira] [Created] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03ca0b69db1e3e5f72fe484b71370d537cd711cbf334e2913332730a@%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[spark-issues] 20210408 [jira] [Commented] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r83453ec252af729996476e5839d0b28f07294959d60fea1bd76f7d81@%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5d1f16dca2e010193840068f1a1ec17b7015e91acc646607cbc0a4da@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r940f15db77a96f6aea92d830bc94d8d95f26cc593394d144755824da@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-issues] 20210408 [jira] [Updated] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7c40fb3a66a39b6e6c83b0454bc6917ffe6c69e3131322be9c07a1da@%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[spark-issues] 20210408 [jira] [Assigned] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r942f4a903d0abb25ac75c592e57df98dea51350e8589269a72fd7913@%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6de4c249bd74007f5f66f683c110535f46e719d2f83a41e8faf295f@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb8f5a6ded384eb00608e6137e87110e7dd7d5054cc34561cb89b81af@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3a1617d16a7367f767b8209b2151f4c19958196354b39568c532f26@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] HyukjinKwon commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2f2d9c3b7cc750a6763d6388bcf5db0c7b467bd8be6ac4d6aea4f0cf@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0cd1a5e3f4ad4770b44f8aa96572fc09d5b35bec149c0cc247579c42@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdfe5f1c071ba9dadba18d7fb0ff13ea6ecb33da624250c559999eaeb@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9b793db9f395b546e66fb9c44fe1cd75c7755029e944dfee31b8b779@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-issues] 20210408 [jira] [Resolved] (SPARK-34988) Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9fae5a4087d9ed1c9d4f0c7493b6981a4741cfb4bebb2416da638424@%3Cissues.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r769155244ca2da2948a44091bb3bb9a56e7e1c71ecc720b8ecf281f0@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk commented on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfd3ff6e66b6bbcfb2fefa9f5a20328937c0369b2e142e3e1c6774743@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] MaxGekk closed pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb66ed0b4bb74836add60dd5ddf9172016380b2aeefb7f96fe348537b@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc6c43c3180c0efe00497c73dd374cd34b62036cb67987ad42c1f2dce@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] sarutak opened a new pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r31f591a0deac927ede8ccc3eac4bb92697ee2361bf01549f9e3440ca@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rae8bbc5a516f3e21b8a55e61ff6ad0ced03bdbd116d2170a3eed9f5c@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbd9a837a18ca57ac0d9b4165a6eec95ee132f55d025666fe41099f33@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raea6e820644e8c5a577f77d4e2044f8ab52183c2536b00c56738beef@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb1624b9777a3070135e94331a428c6653a6a1edccd56fa9fb7a547f2@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32091: [SPARK-34988][CORE] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ree1895a256a9db951e0d97a76222909c2e1f28c1a3d89933173deed6@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd6c1eb9a8a94b3ac8a525d74d792924e8469f201b77e1afcf774e7a6@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] AmplabJenkins removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb2d34abb67cdf525945fe4b821c5cdbca29a78d586ae1f9f505a311c@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb00345f6b1620b553d2cc1acaf3017aa75cea3776b911e024fa3b187@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r05db8e0ef01e1280cc7543575ae0fa1c2b4d06a8b928916ef65dd2ad@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] SparkQA removed a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r71031d0acb1de55c9ab32f4750c50ce2f28543252e887ca03bd5621e@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r06d54a297cb8217c66e5190912a955fb870ba47da164002bf2baffe5@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdde34d53aa80193cda016272d61e6749f8a9044ccb37a30768938f7e@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun edited a comment on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r411d75dc6bcefadaaea246549dd18e8d391a880ddf28a796f09ce152@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-commits] 20210408 [spark] branch branch-3.0 updated: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2afc72af069a7fe89ca2de847f3ab3971cb1d668a9497c999946cd78@%3Ccommits.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun closed pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0a4797ba6ceea8074f47574a4f3cc11493d514c1fab8203ebd212add@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen closed pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r23785214d47673b811ef119ca3a40f729801865ea1e891572d15faa6@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] viirya commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1b02dfccd27b8bbc3afd119b212452fa32e9ed7d506be9357a3a7ec@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r47a7542ab61da865fff3db0fe74bfe76c89a37b6e6d2c2a423f8baee@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32093: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r72bf813ed4737196ea3ed26494e949577be587fd5939fe8be09907c7@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] srowen commented on pull request #32094: [SPARK-34988][CORE][3.0] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r746434be6abff9ad321ff54ecae09e1f09c1c7c139021f40a5774090@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210408 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6ce2907b2691c025250ba010bc797677ef78d5994d08507a2e5477c9@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-commits] 20210408 [spark] branch branch-2.4 updated: [SPARK-34988][CORE][2.4] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd24d8a059233167b4a5aebda4b3534ca1d86caa8a85b10a73403ee97@%3Ccommits.spark.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210408 [GitHub] [hbase-thirdparty] apurtell merged pull request #49: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7189bf41cb0c483629917a01cf296f9fbdbda3987084595192e3845d@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210408 [jira] [Updated] (HBASE-25746) [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4891d45625cc522fe0eb764ac50d48bcca9c0db4805ea4a998d4c225@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-commits] 20210408 [hbase-thirdparty] branch master updated: HBASE-25746 [hbase-thirdparty] Update jetty to \u003e= 9.4.39 due to CVE-2021-28165 (#49)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re0545ecced2d468c94ce4dcfa37d40a9573cc68ef5f6839ffca9c1c1@%3Ccommits.hbase.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210409 [GitHub] [pulsar] dinghram opened a new pull request #10183: CVE-2021-28165-Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r520c56519b8820955a86966f499e7a0afcbcf669d6f7da59ef1eb155@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210409 [GitHub] [pulsar] merlimat commented on pull request #10183: CVE-2021-28165-Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfc9f51b4e21022b3cd6cb6f90791a6a6999560212e519b5f09db0aed@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r65daad30d13f7c56eb5c3d7733ad8dddbf62c469175410777a78d812@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210412 [jira] [Created] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6535b2beddf0ed2d263ab64ff365a5f790df135a1a2f45786417adb7@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210412 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc4779abc1cface47e956cf9f8910f15d79c24477e7b1ac9be076a825@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai closed pull request #10183: CVE-2021-28165-Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcdea97f4d3233298296aabc103c9fcefbf629425418c2b69bb16745f@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210412 [GitHub] [pulsar] jiazhai commented on pull request #10183: CVE-2021-28165-Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r90327f55db8f1d079f9a724aabf1f5eb3c00c1de49dc7fd04cad1ebc@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr opened a new pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r780c3c210a05c5bf7b4671303f46afc3fe56758e92864e1a5f0590d0@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210412 [jira] [Assigned] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0bf3aa065abd23960fc8bdc8090d6bc00d5e391cf94ec4e1f4537ae3@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210412 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r077b76cafb61520c14c87c4fc76419ed664002da0ddac5ad851ae7e7@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd755dfe5f658c42704540ad7950cebd136739089c3231658e398cf38@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[ignite-issues] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5b3693da7ecb8a75c0e930b4ca26a5f97aa0207d9dae4aa8cc65fe6b@%3Cissues.ignite.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 merged pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6f256a1d15505f79f4050a69bb8f27b34cb353604dd2f765c9da5df7@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[ignite-dev] 20210413 [jira] [Created] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd7c8fb305a8637480dc943ba08424c8992dccad018cd1405eb2afe0e@%3Cdev.ignite.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210413 [jira] [Updated] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc4dbc9907b0bdd634200ac90a15283d9c143c11af66e7ec72128d020@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210413 [jira] [Resolved] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r694e57d74fcaa48818a03c282aecfa13ae68340c798dfcb55cb7acc7@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210413 [GitHub] [kafka] chia7712 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd9ea411a58925cc82c32e15f541ead23cb25b4b2d57a2bdb0341536e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210413 [GitHub] [kafka] edwin092 commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6b070441871a4e6ce8bb63e190c879bb60da7c5e15023de29ebd4f9f@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210413 [GitHub] [kafka] dongjinleekr commented on pull request #10526: KAFKA-12655: CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r81748d56923882543f5be456043c67daef84d631cf54899082058ef1@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210414 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0841b06b48324cfc81325de3c05a92e53f997185f9d71ff47734d961@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210420 Vulnerability in Jenkins",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/04/20/3"
            },
            {
              "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6ac9e263129328c0db9940d72b4a6062e703c58918dd34bd22cdf8dd@%3Cissues.ignite.apache.org%3E"
            },
            {
              "name": "[ignite-issues] 20210426 [jira] [Commented] (IGNITE-14527) CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4a66bfbf62281e31bc1345ebecbfd96f35199eecd77bfe4e903e906f@%3Cissues.ignite.apache.org%3E"
            },
            {
              "name": "[ignite-issues] 20210426 [jira] [Updated] (IGNITE-14527) Upgrade Jetty version to fix CVE-2021-2816[3,4,5] in Jetty",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4b1fef117bccc7f5fd4c45fd2cabc26838df823fe5ca94bc42a4fd46@%3Cissues.ignite.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210507 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r111f1ce28b133a8090ca4f809a1bdf18a777426fc058dc3a16c39c66@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210517 [GitHub] [spark] jeffreysmooth commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r401b1c592f295b811608010a70792b11c91885b72af9f9410cffbe35@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[spark-reviews] 20210517 [GitHub] [spark] dongjoon-hyun commented on pull request #32095: [SPARK-34988][CORE][3.1] Upgrade Jetty for CVE-2021-28165",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r64ff94118f6c80e6c085c6e2d51bbb490eaefad0642db8c936e4f0b7@%3Creviews.spark.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210623 [jira] [Updated] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2ea2f0541121f17e470a0184843720046c59d4bde6d42bf5ca6fad81@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210711 [jira] [Created] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[solr-issues] 20210711 [jira] [Updated] (SOLR-15529) High security vulnerability in JDOM library bundled within Solr 8.9 CVE-2021-33813",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbc075a4ac85e7a8e47420b7383f16ffa0af3b792b8423584735f369f@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210715 [jira] [Commented] (KAFKA-12655) CVE-2021-28165 - Upgrade jetty to 9.4.39",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r40136c2010fccf4fb2818a965e5d7ecca470e5f525c232ec5b8eb83a@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210611-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210611-0006/"
            },
            {
              "name": "DSA-4949",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4949"
            },
            {
              "name": "[solr-issues] 20210813 [jira] [Resolved] (SOLR-15338) High security vulnerability in Jetty library CVE-2021-28163 (+5) bundled within Solr",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0471252aeb3384c3cfa6d131374646d4641b80dd313e7b476c47a9c@%3Cissues.solr.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2021-28165",
    "datePublished": "2021-04-01T14:20:14.000Z",
    "dateReserved": "2021-03-12T00:00:00.000Z",
    "dateUpdated": "2025-08-27T20:37:23.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-3114 (GCVE-0-2021-3114)

Vulnerability from cvelistv5 – Published: 2021-01-26 02:23 – Updated: 2024-08-03 16:45

Summary

In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

8 references

URL	Tags
https://groups.google.com/g/golang-announce/c/mpe…	x_refsource_CONFIRM
https://github.com/golang/go/commit/d95ca9138026c…	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://www.debian.org/security/2021/dsa-4848	vendor-advisoryx_refsource_DEBIAN
https://security.netapp.com/advisory/ntap-2021021…	x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
https://security.gentoo.org/glsa/202208-02	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:51.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
          },
          {
            "name": "FEDORA-2021-e435a8bb88",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
          },
          {
            "name": "DSA-4848",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4848"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
          },
          {
            "name": "GLSA-202208-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-04T15:06:51.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
        },
        {
          "name": "FEDORA-2021-e435a8bb88",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
        },
        {
          "name": "DSA-4848",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4848"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
        },
        {
          "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
        },
        {
          "name": "GLSA-202208-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-3114",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groups.google.com/g/golang-announce/c/mperVMGa98w",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w"
            },
            {
              "name": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871",
              "refsource": "CONFIRM",
              "url": "https://github.com/golang/go/commit/d95ca9138026cbe40e0857d76a81a16d03230871"
            },
            {
              "name": "FEDORA-2021-e435a8bb88",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YWAYJGXWC232SG3UR3TR574E6BP3OSQQ/"
            },
            {
              "name": "DSA-4848",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4848"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210219-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210219-0001/"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2591-1] golang-1.7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00014.html"
            },
            {
              "name": "[debian-lts-announce] 20210313 [SECURITY] [DLA 2592-1] golang-1.8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00015.html"
            },
            {
              "name": "GLSA-202208-02",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-3114",
    "datePublished": "2021-01-26T02:23:18.000Z",
    "dateReserved": "2021-01-11T00:00:00.000Z",
    "dateUpdated": "2024-08-03T16:45:51.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2021_1551

CVE-2020-28362 (GCVE-0-2020-28362)

CVE-2021-21639 (GCVE-0-2021-21639)

CVE-2021-21640 (GCVE-0-2021-21640)

CVE-2021-28163 (GCVE-0-2021-28163)

CVE-2021-28165 (GCVE-0-2021-28165)

CVE-2021-3114 (GCVE-0-2021-3114)

Tags

Sightings

Nomenclature