rhsa-2021_2500
Vulnerability from csaf_redhat
Published: 2021-06-29 06:30
Modified: 2024-11-13 22:22
Summary
Red Hat Security Advisory: Red Hat OpenShift Enterprise security and bug fix update
Notes
Topic
Red Hat OpenShift Container Platform release 4.6.36 is now available with
updates to packages and images that fix several bugs and add enhancements.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing
Kubernetes application platform solution designed for on-premise or private
cloud deployments.
Security Fix(es):
* nodejs-handlebars: lookup helper fails to properly validate templates, allowing arbitrary JavaScript execution (CVE-2019-20920)
* nodejs-handlebars: an endless loop while processing specially crafted templates leads to DoS (CVE-2019-20922)
* nodejs-handlebars: Remote code execution when compiling untrusted templates with the strict:true option (CVE-2021-23369)
* nodejs-handlebars: Remote code execution when compiling untrusted templates with the compat:true option (CVE-2021-23383)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* With the Kibana and Elasticsearch replica count set to 0, Kibana pods and indexmanagement jobs are still created (BZ#1942609)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Container Platform release 4.6.36 is now available with\nupdates to packages and images that fix several bugs and add enhancements.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution (CVE-2019-20920)\n\n* nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS (CVE-2019-20922)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Setting up Kibana and Elasticsearch replica to 0, Kibana pods are created and indexmanagement jobs (BZ#1942609)", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is 
licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2500", "url": "https://access.redhat.com/errata/RHSA-2021:2500" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1882256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256" }, { "category": "external", "summary": "1882260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260" }, { "category": "external", "summary": "1942609", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942609" }, { "category": "external", "summary": "1948761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761" }, { "category": "external", "summary": "1956688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2500.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise security and bug fix update", "tracking": { "current_release_date": "2024-11-13T22:22:31+00:00", "generator": { "date": "2024-11-13T22:22:31+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2021:2500", "initial_release_date": 
"2021-06-29T06:30:05+00:00", "revision_history": [ { "date": "2021-06-29T06:30:05+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-29T06:30:05+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T22:22:31+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 4.6", "product": { "name": "Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:4.6::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "product": { "name": "openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "product_id": "openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202106181629.p0.git.c7e8377" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "product": { "name": "openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "product_id": "openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "product_identification_helper": { "purl": 
"pkg:oci/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202106181629.p0.git.c07c7ab" } } }, { "category": "product_version", "name": "openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "product": { "name": "openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "product_id": "openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "product": { "name": "openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "product_id": "openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "product": { "name": "openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "product_id": 
"openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "product": { "name": "openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "product_id": "openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f?arch=s390x\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.6.0-202106160917.p0.git.4d96f05" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": 
"openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "product": { "name": "openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "product_id": "openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202106181629.p0.git.c7e8377" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "product": { "name": "openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "product_id": "openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202106181629.p0.git.c07c7ab" } } }, { "category": "product_version", "name": "openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "product": { "name": "openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "product_id": "openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "product_identification_helper": { "purl": 
"pkg:oci/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "product": { "name": "openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "product_id": "openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "product": { "name": "openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "product_id": "openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64", "product": { "name": "openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64", "product_id": 
"openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.6.0-202106160917.p0.git.4d96f05" } } }, { "category": "product_version", "name": "openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64", "product": { "name": "openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64", "product_id": "openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64", "product_identification_helper": { "purl": "pkg:oci/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4?arch=amd64\u0026repository_url=registry.redhat.io/openshift4/ose-metering-ansible-operator\u0026tag=v4.6.0-202106160917.p0.git.d74112d" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": 
"openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "product": { "name": "openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "product_id": "openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-cluster-logging-operator\u0026tag=v4.6.0-202106181629.p0.git.c7e8377" } } }, { "category": "product_version", "name": "openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "product": { "name": "openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "product_id": "openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-elasticsearch-operator\u0026tag=v4.6.0-202106181629.p0.git.c07c7ab" } } }, { "category": "product_version", "name": "openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "product": { "name": "openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "product_id": "openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-curator5\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "product": { "name": "openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "product_id": "openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-elasticsearch6\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "product": { "name": "openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "product_id": "openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-fluentd\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "product": { "name": "openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "product_id": 
"openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-logging-kibana6\u0026tag=v4.6.0-202106181629.p0.git.40f3e72" } } }, { "category": "product_version", "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "product": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "product_id": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift4/ose-jenkins-agent-nodejs-10-rhel8\u0026tag=v4.6.0-202106160917.p0.git.4d96f05" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le" }, "product_reference": "openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64" }, "product_reference": "openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x" }, "product_reference": "openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x" }, "product_reference": "openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": 
"8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le" }, "product_reference": "openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64" }, "product_reference": "openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64" }, "product_reference": 
"openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x" }, "product_reference": "openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64" }, "product_reference": "openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x" }, "product_reference": "openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { 
"name": "openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le" }, "product_reference": "openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64" }, "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x" }, "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": 
"8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le" }, "product_reference": "openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64" }, "product_reference": "openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x" }, "product_reference": "openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le" }, "product_reference": "openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", 
"relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x" }, "product_reference": "openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le" }, "product_reference": "openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64 as a component of Red Hat OpenShift Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" }, "product_reference": "openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" }, { "category": "default_component_of", "full_product_name": { "name": "openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64 as a component of Red Hat OpenShift 
Container Platform 4.6", "product_id": "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" }, "product_reference": "openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64", "relates_to_product_reference": "8Base-RHOSE-4.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-20920", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2020-09-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", 
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882260" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to arbitrary code execution. The package lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript into the system. This issue is used to run arbitrary code in a server processing Handlebars templates or on a victim\u0027s browser (effectively serving as Cross-Site Scripting). 
The highest threat from this vulnerability is to confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extensions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. 
The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", 
"8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20920" }, { "category": "external", "summary": "RHBZ#1882260", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882260" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20920", "url": 
"https://www.cve.org/CVERecord?id=CVE-2019-20920" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20920" }, { "category": "external", "summary": "https://www.npmjs.com/advisories/1316", "url": "https://www.npmjs.com/advisories/1316" }, { "category": "external", "summary": "https://www.npmjs.com/advisories/1324", "url": "https://www.npmjs.com/advisories/1324" } ], "release_date": "2019-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T06:30:05+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2500" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "products": [ 
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-handlebars: lookup helper fails to properly validate templates allowing for arbitrary JavaScript execution" }, { "cve": "CVE-2019-20922", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-09-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", 
"8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1882256" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-handlebars, where affected versions of handlebars are vulnerable to a denial of service. The package\u0027s parser may be forced into an endless loop while processing specially-crafted templates. 
This flaw allows attackers to exhaust system resources, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Virtualization includes Handlebars.js in two components. In ovirt-engine-ui-extensions, the version used is newer and is not affected by this flaw. In ovirt-web-ui, Handlebars.js is included as a development dependency and is not used at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. The openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code. 
The vulnerable version of Handlebars.js is also included in openshift4/ose-grafana, but as the Grafana instance is in read-only mode, the configuration/dashboards cannot be modified.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", 
"8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-20922" }, { "category": "external", "summary": "RHBZ#1882256", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882256" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-20922", "url": 
"https://www.cve.org/CVERecord?id=CVE-2019-20922" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20922" }, { "category": "external", "summary": "https://www.npmjs.com/advisories/1300", "url": "https://www.npmjs.com/advisories/1300" } ], "release_date": "2019-11-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T06:30:05+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2500" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", 
"8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-handlebars: an endless loop while processing specially-crafted templates leads to DoS" }, { "cve": "CVE-2021-23369", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-04-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", 
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1948761" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the strict:true option. 
The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana package, which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. \nThe openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code.\n\nIn OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM), some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth, which reduces the impact of this flaw to Low.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates, so it has been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles the vulnerable Handlebars.js (with pcs); however, it does not use the \"strict\" option or templates from external sources, so this issue has been rated as having a security impact of Low.\n\nIn Red Hat Virtualization, ovirt-engine-ui-extensions and ovirt-web-ui include Handlebars.js as a dependency of conventional-changelog-writer. It does not impact production code and as such has been given a low impact rating and set to wontfix. 
Handlebars.js may be updated to a newer version in future updates.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", 
"8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23369" }, { "category": "external", "summary": "RHBZ#1948761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23369", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23369" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2021-23369" } ], "release_date": "2021-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T06:30:05+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2500" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ] } ], "threats": [ { "category": "impact", 
"details": "Low" } ], "title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option" }, { "cve": "CVE-2021-23383", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-04-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", 
"8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956688" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-handlebars. A unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the compat:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana component which includes Handlebars.js. 
Starting in 4.6, kibana is shipping as \"container first\" content. As such, the fix for OCP will be seen in the affected products table under openshift4/ose-logging-kibana6. The separate package \"kibana\" listed under \"OpenShift Container Platform 4\" is only used by 4.5 and earlier and will not be fixed.\n\nIn OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth what reducing impact by this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so have been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use \"compat\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ], "known_not_affected": [ "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:9ec64bf850e6ecf3d8b74c1d3bc96e3ef813be52c782b653b4d1de0a3912d97c_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:b79954d4318d225f17b3a39a83a2b23090201849010147bea007ba1187364224_amd64", 
"8Base-RHOSE-4.6:openshift4/ose-cluster-logging-operator@sha256:f9003b1a4d6f0a2cc033f4d39e25592c3a509393ba13e857c1ad4251db9045ca_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:0aacdde0fe2cd3e3332d75f557a5127e81f22543d403286b563d5b53907fabbc_s390x", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:183a9a68771f4685064abcf6e4df19efcc9597eee3d140d05194db183327e9c5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-elasticsearch-operator@sha256:b53a9453c35968050accabadcdd4fc918b3893861a5152a5aa92ed6e79d87b67_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:6a9a798c1b961fb17f1685dc3e8b4c8380fb2d5efc59f9f611ac9494793e5b01_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:829dc83ff6afbdf52f795f0ee46ab8ccfd154ed09760971183a9e87d90b834fe_amd64", "8Base-RHOSE-4.6:openshift4/ose-jenkins-agent-nodejs-10-rhel8@sha256:984875b9b014c265f25e5ea8b7a4266d48a83ecc23c3862dcb3a0caec8f6c43f_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:69ae721c70713d7b96c8cb7310f027106240f69356c8a7f23db85428d3fd7748_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:75485d0c331b66fa4996cd2f642e370d241fc93560214a40ce2fd9385b7f3946_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-curator5@sha256:c740bbd097ad59afda31268852167ef831ea68cb5890984482d0749dfa68de97_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:566d93dc1560cd55dad6122214bcfde9a58cd3fdcb0f07e8a7102b30a3a111f2_amd64", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:9422f9defd336d0f88bfb90c30ece336f06dd4524fdcc98a2d73d0fcfb7921bc_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-elasticsearch6@sha256:d4a56c38d2481af3f5be1e12499849c6630b80f2210e15df0925828780548a60_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:402a4a1cff69e71f4f6748c2cfb41577d884d3336bba6097e35fe93bcf7d0e5a_amd64", 
"8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:511b93c6e86d30f43d31ef06d1b998202d1f7ef3517a0d0432bbef97f3da8b51_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-fluentd@sha256:a3efef334dffd89a498460e5965f96d2097e36ebdf9f29a9cce66f8f46b528f5_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-metering-ansible-operator@sha256:07b66cb72cbb2208c20dd20fa0ee2b711ea8519f9171ccaa6ed721ef709026c4_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23383" }, { "category": "external", "summary": "RHBZ#1956688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23383", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23383" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383" } ], "release_date": "2021-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-29T06:30:05+00:00", "details": "For OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster-cli.html", "product_ids": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ], "restart_required": { "category": "none" 
}, "url": "https://access.redhat.com/errata/RHSA-2021:2500" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:2ebb7a246cf1e286e187f02db46342749a801bd3daf562aeddf283e36b5776ea_s390x", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:a56a03988a016b7b9f4f54cffa91667dff7af9fc436ca49385369dca75aa6f29_ppc64le", "8Base-RHOSE-4.6:openshift4/ose-logging-kibana6@sha256:dcad4765e041cee0ccc825603f7a4c3250ffd3577a66778f5140dfee58fdbc2c_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option" } ] }