rhsa-2021_3024
Vulnerability from csaf_redhat
Published
2021-08-09 07:28
Modified
2024-11-13 22:22
Summary
Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.24.0 Operator/Operand Containers security update
Notes
Topic
An update is now available for Red Hat OpenShift Jaeger 1.24.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift distributed tracing (formerly OpenShift Jaeger) is Red Hat's distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform installation.
Security Fix(es):
* nodejs-ua-parser-js: ReDoS (regular expression denial of service) via malicious User-Agent header (CVE-2021-27292)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Jaeger 1.24.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift distributed tracing (formerly OpenShift Jaeger) is Red Hat\u0027s distribution of the Jaeger project, tailored for installation into an on-premise OpenShift Container Platform\ninstallation.\n\nSecurity Fix(es):\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:3024", "url": "https://access.redhat.com/errata/RHSA-2021:3024" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "1940613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" }, { "category": "external", "summary": "TRACING-2009", "url": "https://issues.redhat.com/browse/TRACING-2009" }, { "category": "external", "summary": "TRACING-377", "url": "https://issues.redhat.com/browse/TRACING-377" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3024.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Jaeger 1.24.0 Operator/Operand Containers security update", "tracking": { "current_release_date": "2024-11-13T22:22:52+00:00", "generator": { "date": "2024-11-13T22:22:52+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2021:3024", "initial_release_date": "2021-08-09T07:28:44+00:00", "revision_history": [ { "date": "2021-08-09T07:28:44+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-08-09T07:28:44+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-13T22:22:52+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": 
"product_name", "name": "Red Hat OpenShift Jaeger 1.24", "product": { "name": "Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24", "product_identification_helper": { "cpe": "cpe:/a:redhat:jaeger:1.24::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Jaeger" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.24.0-9" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x", "product": { "name": 
"distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.24.0-10" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.24.0-14" } } 
}, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.24.0-9" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x", "product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x", "product_identification_helper": { "purl": 
"pkg:oci/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7?arch=s390x\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.24.0-16" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.24.0-9" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64", "product": { "name": 
"distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.24.0-10" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.24.0-14" } } 
}, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.24.0-9" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64", "product_id": "distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64", "product_identification_helper": { "purl": 
"pkg:oci/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f?arch=amd64\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.24.0-16" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le", "product": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le", "product_id": "distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-agent-rhel8\u0026tag=1.24.0-9" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le", "product": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le", "product_id": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-all-in-one-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le", "product": { "name": 
"distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le", "product_id": "distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-collector-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le", "product": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le", "product_id": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-index-cleaner-rhel8\u0026tag=1.24.0-10" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le", "product": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le", "product_id": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-es-rollover-rhel8\u0026tag=1.24.0-14" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le", "product": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le", "product_id": "distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-ingester-rhel8\u0026tag=1.24.0-8" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le", "product": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le", "product_id": "distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-query-rhel8\u0026tag=1.24.0-9" } } }, { "category": "product_version", "name": "distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le", "product": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le", "product_id": 
"distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le", "product_identification_helper": { "purl": "pkg:oci/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab?arch=ppc64le\u0026repository_url=registry.redhat.io/distributed-tracing/jaeger-rhel8-operator\u0026tag=1.24.0-16" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64 as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le as a component of Red Hat OpenShift Jaeger 1.24", "product_id": 
"8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le" }, "product_reference": "distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64 as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64" }, "product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le" }, "product_reference": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x" }, "product_reference": 
"distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64 as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64" }, "product_reference": "distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": 
"default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64 as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64" }, "product_reference": "distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": 
"distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64 as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x" }, "product_reference": "distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x as a component of Red Hat OpenShift Jaeger 1.24", 
"product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64 as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64" }, "product_reference": "distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le" }, "product_reference": 
"distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64 as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64" }, "product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x" }, "product_reference": "distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", 
"full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64 as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64", "relates_to_product_reference": "8Base-JAEGER-1.24" }, { "category": "default_component_of", "full_product_name": { "name": "distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le as a component of Red Hat OpenShift Jaeger 1.24", "product_id": "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le" }, "product_reference": "distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le", "relates_to_product_reference": "8Base-JAEGER-1.24" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-27292", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2021-03-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1940613" } ], "notes": [ { "category": "description", "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. 
An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header", "title": "Vulnerability summary" }, { "category": "other", "text": "While some components do package a vulnerable version of ua-parser-js, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n - OpenShift Container Platform (OCP)\n - OpenShift ServiceMesh (OSSM) \n - Red Hat OpenShift Jaeger (RHOSJ)\n - Red Hat OpenShift Logging\n\nThe OCP presto-container does ship the vulnerable component, however since OCP 4.6 the Metering product has been deprecated [1], set as wont-fix and may be fixed in a future release.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships graphql-tools that pulls 0.7.23 version of ua-parser-js that uses the affected code.\n\n[1] - https://access.redhat.com/solutions/5707561", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64", 
"8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le", 
"8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-27292" }, { "category": "external", "summary": "RHBZ#1940613", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27292", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27292" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292" }, { "category": "external", "summary": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76", "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76" } ], "release_date": "2021-02-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-08-09T07:28:44+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://docs.openshift.com/container-platform/4.8/jaeger/jaeger_install/rhbjaeger-updating.html", "product_ids": [ "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64", 
"8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:3024" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:735b306aa784be5c2fd25b8cb8e2acdb774b1219eefa694f98c096425e1e8de6_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:a9ec7de569df87e84e1e3fc5ca499fcf8cdd90dd785088089dba1f864e4d6b88_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-agent-rhel8@sha256:bdbef8098e1f49ec504c37fa088de7b56955b85ef7547aaab15ad9c48e42ba45_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:7d5af7217e9bf8929c444ae33246b11efdde65f07e6c097a1472d8e14de86352_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:9d271a288f1a1f5102863b7555eaafbc24f22a59f13ced48cd4370caeb2df343_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-all-in-one-rhel8@sha256:fcdb2127f8a269f5f6beffb6fe028244455aac3a0886bc59ce56c666e88b1302_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:7ac829d0b5eeaf57a9d42a185c6e731d35532c16b8d5e9e2f51c2f811bc91b09_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:87d78468016389498c470ff5c0cfae3e22acc1dd8ef055aceef44afa9ec6dae8_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-collector-rhel8@sha256:f9fddbafae2ae53c144133ed7bb9153820091646065ff74392464c957fdc3aed_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:3664d658367bc964d285e592f0cb277909c3346ef6e9196db0beafba6b43e667_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:a891a556ddc7010c809769a1f562e0836eb6b3b06b874ad2c67258c74c8a6b0d_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-index-cleaner-rhel8@sha256:fd243cd829d37fcc232afacf99060927902db9a21f31d4da5d5df547bdc15abd_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:01ca4015280a87e491da3f59e9c347a4b07f7a9faf352932a4acf9f3694806fb_amd64", 
"8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:ab83395c98e913252c6990d91d42dd670623afe32abde63c8ec93e2a715daabf_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-es-rollover-rhel8@sha256:abf305acbcd3b1d6add81353fcc08ddf389cb38caf579ae3d1f3a9f506533f31_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:08d933c1abc89403e94199da7a473d42b753f6df9666c393960dfd7b38f255bd_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:c03a94c2f0e6dfe0575514e08640ef170f240577ab025aea4766daac72b12c3a_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-ingester-rhel8@sha256:c16b9e67b5b6cef8d23e3546c05db979b800752734a8b73c06ce49c9a6cf7db2_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:5575dca9092c9f1949b22fa165ecd03a910b59fe51d7d150e1d4ede43cc869d8_ppc64le", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:87c8e391fb5f0fb9f64ad43b2ee341ca8ef5b8592cdd2fd7a7278e87a2c26f73_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-query-rhel8@sha256:f5126af833eaaa79e3acc9f232274d0f9af50871bd8d6a8b4ca401854eb9d69e_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:3c6a5a772f9b069be99bec6133bba4016916598a1126240a8fb1fd333b321af7_s390x", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:633b50d4922d3f97498e254e0f918bcbea56f86621218306964d4e3d6e5d636f_amd64", "8Base-JAEGER-1.24:distributed-tracing/jaeger-rhel8-operator@sha256:9f06fe997b00503643e5aeac74cc9ddbe5600b2710fa2ca7c40b83a97117c9ab_ppc64le" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.