rhsa-2021_2543
Vulnerability from csaf_redhat
Published
2021-06-24 15:19
Modified
2024-11-24 20:22
Summary
Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update
Notes
Topic
An update is now available for Red Hat OpenShift Jaeger 1.20.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Jaeger is Red Hat's distribution of the Jaeger project,
tailored for installation into an on-premise OpenShift Container Platform
installation.
Security Fix(es):
* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)
* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)
* nodejs-lodash: command injection via template (CVE-2021-23337)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Jaeger 1.20.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Jaeger is Red Hat\u0027s distribution of the Jaeger project,\ntailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* libthrift: potential DoS when processing untrusted payloads (CVE-2020-13949)\n\n* golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)\n\n* golang: crypto/elliptic: incorrect operations on the P-224 curve (CVE-2021-3114)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:2543", "url": "https://access.redhat.com/errata/RHSA-2021:2543" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "1897635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635" }, { "category": "external", "summary": "1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "1928172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172" }, { "category": "external", "summary": "1928937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937" }, { "category": "external", "summary": "1928954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_2543.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.20.4 security update", "tracking": { "current_release_date": "2024-11-24T20:22:27+00:00", "generator": { "date": "2024-11-24T20:22:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHSA-2021:2543", "initial_release_date": "2021-06-24T15:19:30+00:00", "revision_history": [ { "date": "2021-06-24T15:19:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-06-24T15:19:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-24T20:22:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Jaeger 1.20", "product": { "name": "Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20", "product_identification_helper": { "cpe": "cpe:/a:redhat:jaeger:1.20::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Jaeger" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "product": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "product": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "product": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.20.4-7" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.20.4-17" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.20.4-18" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64", "product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.20.4-18" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64" }, "product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le" }, "product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x" }, "product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64" }, "product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le" }, "product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" }, "product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "relates_to_product_reference": "8Base-JAEGER-1.20" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64 as a component of Red Hat OpenShift Jaeger 1.20", "product_id": "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64", "relates_to_product_reference": "8Base-JAEGER-1.20" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-13949", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-11T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1928172" } ], "notes": [ { "category": "description", "text": "A flaw was found in libthrift. Applications using Thrift would not show an error upon receiving messages declaring containers of sizes larger than the payload. This results in malicious RPC clients with the ability to send short messages which would result in a large memory allocation, potentially leading to denial of service. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "libthrift: potential DoS when processing untrusted payloads", "title": "Vulnerability summary" }, { "category": "other", "text": "* A vulnerable version of the libthrift library is delivered in listed OpenShift Container Platform (OCP) and OpenShift Jaeger (Jaeger) components, but the vulnerable code is not invoked, therefore these components are affected but with impact Moderate. \n\n* For Red Hat OpenStack, because the fix would require a substantial amount of development and OpenDaylight is deprecated in all future versions (RHOSP10 was in tech preview), no update will be provided at this time for the RHOSP libthrift package.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-13949" }, { "category": "external", "summary": "RHBZ#1928172", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928172" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13949", "url": "https://www.cve.org/CVERecord?id=CVE-2020-13949" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13949" } ], "release_date": "2021-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-24T15:19:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "libthrift: potential DoS when processing untrusted payloads" }, { "cve": "CVE-2020-28362", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2020-11-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1897635" } ], "notes": [ { "category": "description", "text": "A flaw was found in the math/big package of Go\u0027s standard library that causes a denial of service. Applications written in Go that use math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: math/big: panic during recursive division of very large numbers", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.\nOpenshift Virtualization 1 (formerly Container Native Virtualization) is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities.\n\nRed Hat Gluster Storage 3 shipped multi-cloud-object-gateway-cli and noobaa-operator container as a technical preview and is not currently planned to be addressed in future updates.\n\nOpenShift Container Platform (OCP) 4.5 and earlier are built with Go versions earlier than 1.14, which are not affected by this vulnerability. OCP 4.6 is built with Go 1.15 and is affected.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28362" }, { "category": "external", "summary": "RHBZ#1897635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1897635" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28362", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28362" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28362" } ], "release_date": "2020-11-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-24T15:19:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: math/big: panic during recursive division of very large numbers" }, { "cve": "CVE-2020-28500", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1928954" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-lodash. A Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd functions is possible.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable toNumber, trim, or trimEnd functions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-28500" }, { "category": "external", "summary": "RHBZ#1928954", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928954" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28500", "url": "https://www.cve.org/CVERecord?id=CVE-2020-28500" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28500" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905", "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1018905" } ], "release_date": "2021-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-24T15:19:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions" }, { "cve": "CVE-2021-3114", "cwe": { "id": "CWE-682", "name": "Incorrect Calculation" }, "discovery_date": "2021-01-21T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1918750" } ], "notes": [ { "category": "description", "text": "A flaw detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs, reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: crypto/elliptic: incorrect operations on the P-224 curve", "title": "Vulnerability summary" }, { "category": "other", "text": "OpenShift ServiceMesh (OSSM) 1.1 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-3114" }, { "category": "external", "summary": "RHBZ#1918750", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1918750" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3114", "url": "https://www.cve.org/CVERecord?id=CVE-2021-3114" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3114" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/mperVMGa98w", "url": "https://groups.google.com/g/golang-announce/c/mperVMGa98w" } ], "release_date": "2021-01-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-24T15:19:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "golang: crypto/elliptic: incorrect operations on the P-224 curve" }, { "cve": "CVE-2021-23337", "cwe": { "id": "CWE-78", "name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)" }, "discovery_date": "2021-02-15T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1928937" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-lodash. A command injection flaw is possible through template variables.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-lodash: command injection via template", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift ServiceMesh (OSSM) and Red Hat OpenShift Jaeger (RHOSJ) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable nodejs-lodash library to authenticated users only, therefore the impact is low.\n\nWhile Red Hat Virtualization\u0027s cockpit-ovirt has a dependency on lodash it doesn\u0027t use the vulnerable template function.\n\nWhile Red Hat Quay has a dependency on lodash via restangular it doesn\u0027t use the vulnerable template function.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ], "known_not_affected": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23337" }, { "category": "external", "summary": "RHBZ#1928937", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1928937" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23337", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23337" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23337" }, { "category": "external", "summary": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724", "url": "https://snyk.io/vuln/SNYK-JS-LODASH-1040724" } ], "release_date": "2021-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-24T15:19:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-lodash: command injection via template" }, { "cve": "CVE-2021-31525", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)" }, "discovery_date": "2021-05-06T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1958341" } ], "notes": [ { "category": "description", "text": "A vulnerability was detected in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however, servers are only vulnerable if the value of MaxHeaderBytes has been increased from the default.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability potentially affects any component written in Go that uses net/http from the standard library. In OpenShift Container Platform (OCP), OpenShift Virtualization, OpenShift ServiceMesh (OSSM) and OpenShift distributed tracing (formerly OpenShift Jaeger), no server side component allows HTTP header values larger than 1 MB (the default), preventing this vulnerability from being exploited by malicious clients. It is possible for components that make client connections to malicious servers to be exploited, however the maximum impact is a crash. This vulnerability is rated Low for the following components: \n* OpenShift Container Platform\n* OpenShift Virtualization \n* OpenShift ServiceMesh\n* OpenShift distributed tracing components.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-31525" }, { "category": "external", "summary": "RHBZ#1958341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-31525", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31525" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31525" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc", "url": "https://groups.google.com/g/golang-announce/c/cu9SP4eSXMc" } ], "release_date": "2021-04-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-06-24T15:19:30+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:2543" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:3ff98385705b0766b21b2791dad46bd04ec47f3603c06f1915ea2b81edf6a07b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:d047a499bcbe6b40c8d982bab0f2457073ea1c1661f660039d8bb474acf55bb3_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-agent-rhel8@sha256:e69ecba0ea2353f60a2fbf5e4a0c95a58def044ad4d726e495e1953a1e0fc380_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:301de05a06b8d33bd05b7bb1907880e3c779998a51ded393809966be1f02d429_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:d52f599603e0731cc873b4f60fe13ac961bb1cfc55280caa62d95aa6c39ef149_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-all-in-one-rhel8@sha256:e79e32905038932a7d9d41b87766408911845647553942c5d4f7ea83b4927acd_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:3b8882c5185b18f6424db04cf438db0f2ce876b39cfdb7ac4e3bed4c7880e2fe_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8c50c1306e3c307be8060b3c372a18b0bcdb34d52e21f741d767c94e213a0722_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-collector-rhel8@sha256:8ec8decccf8de6621627be378f33000c51997cb1ce9373a70da87afef20210ec_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:01d8b1b96eb2c6b8b29ebeab2a9379f181f1663a87f92af8577c83d640dfa6e3_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:0a78783656bfc62cc5e2503d403d33adf267460e83938111ed2ca6fae8924b4b_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:91e80a59d5259d446657f37193f6bd12bfb6760ab5550996d3074b4eee531487_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:637ee117a57fdb11a0f4876a7044a31d3335b694b93c88166310edf8f1bce4a5_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:cc8640026f08d9b08dc746356371b7394d87dfe79f1c476d41d0d85ad230cd4b_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ec6ec44ee39b151244ff9fe9fee33da042e2352ea11de04a91c80cb4a2c88be0_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:08be53d09da93e2a6e45c8995eb76e761eebca3e1e8e3a412572c26cc6b8aa29_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:4d65491ebca8d61f13cd1e2f98a34967d5559622dbe0d3227018ecd3bfcf194a_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-ingester-rhel8@sha256:a114b0659c542ecf94570e0d3fe59bed38d5ab541eb7a96ec2bd0734852a7249_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:2d2ad2c44454172fc7d2dce48ecfb5e4ad0e0e09e69f53902decc2b64f6f85ab_amd64", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:dd9af6d468a98eb1da7ab9a5fc6946bf917f55a77e749b1b9dfc1bf6b643480b_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-query-rhel8@sha256:fd0f55cfd6303b412d0021b2c1f0b16f386d433cf4a47f6cbe1aa40edad0c764_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:5612837166e8f4bd8e1f87e19e5e50e328ac109a868a69aa993cd4dc628128b8_ppc64le", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:79ae318bbdfd705b40943d4e4cd44a6061785221b57dbb41e70c666175512f8c_s390x", "8Base-JAEGER-1.20:distributed-tracing/jaeger-rhel8-operator@sha256:b37d9d87fd0568d8cef8966b94714abd82710646e254c145ba07f8567bc22d7a_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.