rhsa-2021_4628
Vulnerability from csaf_redhat
Published
2021-11-17 02:22
Modified
2024-11-06 00:10
Summary
Red Hat Security Advisory: Openshift Logging 5.1.4 bug fix and security update
Notes
Topic
An update is now available for OpenShift Logging 5.1.4.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Logging Bug Fix Release (5.1.4)
Security Fix(es):
* nodejs-handlebars: Remote code execution when compiling untrusted templates with the strict:true option (CVE-2021-23369)
* nodejs-handlebars: Remote code execution when compiling untrusted templates with the compat:true option (CVE-2021-23383)
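For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. The machine-readable CSAF data for this advisory flags CVE-2021-23369 as "vulnerable_code_not_present" for at least some of the listed container images (for example the cluster-logging operator images), so check the per-product status in the "vulnerabilities" section rather than assuming every image in the release shipped the vulnerable code.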
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for OpenShift Logging 5.1.4.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Openshift Logging Bug Fix Release (5.1.4)\n\nSecurity Fix(es):\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4628", "url": "https://access.redhat.com/errata/RHSA-2021:4628" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "1948761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761" }, { "category": "external", "summary": "1956688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688" }, { "category": "external", "summary": "LOG-1858", "url": "https://issues.redhat.com/browse/LOG-1858" }, { "category": "external", "summary": "LOG-1917", "url": "https://issues.redhat.com/browse/LOG-1917" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4628.json" } ], "title": "Red Hat Security Advisory: Openshift Logging 5.1.4 bug fix and security update", "tracking": { "current_release_date": "2024-11-06T00:10:21+00:00", "generator": { "date": "2024-11-06T00:10:21+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2021:4628", "initial_release_date": "2021-11-17T02:22:53+00:00", "revision_history": [ { "date": "2021-11-17T02:22:53+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-17T02:22:53+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T00:10:21+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, 
"product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "OpenShift Logging 5.1", "product": { "name": "OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:logging:5.1::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.4-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.4-2" } } }, { "category": "product_version", "name": 
"openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-41" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-39" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x", "product_id": "openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x", "product_identification_helper": { "purl": 
"pkg:oci/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-39" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x", "product_id": "openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-39" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x", "product_id": "openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-48" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64", "product_id": 
"openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.4-1" } } }, { "category": "product_version", "name": "openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64", "product": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64", "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.1.4-8" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.4-2" } } }, { "category": "product_version", "name": 
"openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64", "product": { "name": "openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64", "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.1.4-9" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64", "product": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-41" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64", "product_identification_helper": { "purl": 
"pkg:oci/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-39" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64", "product_id": "openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-39" } } }, { "category": "product_version", "name": "openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64", "product_id": "openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-39" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", "product_id": "openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", 
"product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-48" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le", "product": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le", "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.4-1" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le", "product": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le", "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.4-2" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le", "product": { "name": 
"openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le", "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-41" } } }, { "category": "product_version", "name": "openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le", "product": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le", "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le", "product_identification_helper": { "purl": "pkg:oci/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-39" } } }, { "category": "product_version", "name": "openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le", "product": { "name": "openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le", "product_id": "openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le", "product_identification_helper": { "purl": "pkg:oci/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-39" } } }, { "category": "product_version", "name": 
"openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le", "product": { "name": "openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le", "product_id": "openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le", "product_identification_helper": { "purl": "pkg:oci/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-39" } } }, { "category": "product_version", "name": "openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "product": { "name": "openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "product_id": "openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-48" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64" }, "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64", 
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le" }, "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64" }, "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le as a component of OpenShift Logging 5.1", "product_id": 
"8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le" }, "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x" }, 
"product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x" }, "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": 
"default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le" }, "product_reference": "openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64 as a component of OpenShift Logging 5.1", "product_id": 
"8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le" }, "product_reference": "openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64 as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", 
"relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x as a component of OpenShift Logging 5.1", "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x" }, "product_reference": "openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x", "relates_to_product_reference": "8Base-OSE-LOGGING-5.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-23369", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-04-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x", 
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x", 
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1948761" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-handlebars. A missing check when getting prototype properties in the template function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the strict:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana package which includes Handlebars.js. From OCP 4.6, the kibana package is no longer shipped and will not be fixed. \nThe openshift4/ose-logging-kibana6 container includes Handlebars.js directly as container first code.\n\nIn OpenShift Container Platform (OCP), OpenShift ServiceMesh (OSSM) and Red Hat Advanced Cluster Management for Kubernetes (RHACM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth what reducing impact by this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. 
It does not use Handlebars.js at runtime to process templates so it has been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use the \"strict\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.\n\nIn Red Hat Virtualization ovirt-engine-ui-extensions and ovirt-web-ui Handlebars.js is included as a dependency of conventional-changelog-writer; it does not impact production code and as such has been given a low impact rating and set to wontfix. Handlebars.js may be updated to a newer version in future updates.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x", 
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23369" }, { "category": "external", "summary": "RHBZ#1948761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1948761" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23369", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23369" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23369" } ], "release_date": "2021-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-17T02:22:53+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", 
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option" }, { "cve": "CVE-2021-23383", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2021-04-12T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64", 
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64", 
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1956688" } ], "notes": [ { "category": "description", "text": "A flaw was found in nodejs-handlebars. A unescaped value in the JavaScriptCompiler.prototype.depthedLookup function allows an attacker, who can provide untrusted handlebars templates, to execute arbitrary code in the javascript system (e.g. browser or server) when the template is compiled with the compat:true option. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenShift Container Platform (OCP) 4 delivers the kibana component which includes Handlebars.js. Starting in 4.6, kibana is shipping as \"container first\" content. As such, the fix for OCP will be seen in the affected products table under openshift4/ose-logging-kibana6. 
The separate package \"kibana\" listed under \"OpenShift Container Platform 4\" is only used by 4.5 and earlier and will not be fixed.\n\nIn OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM) some components include the vulnerable handlebars library, but access is protected by OpenShift OAuth, which reduces the impact of this flaw to LOW.\n\nRed Hat Quay includes Handlebars.js as a development dependency. It does not use Handlebars.js at runtime to process templates so it has been given a low impact rating.\n\nRed Hat Gluster Storage 3 bundles vulnerable Handlebars.js (with pcs), however it does not use the \"compat\" option and templates from external sources, hence this issue has been rated as having a security impact of Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x" ], "known_not_affected": [ "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:8501f1121df861950d13535f20063c942ab3a880102aecef7bf93cfa2954a506_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:520d4aff85af992db19855a00adfc9328fff3c3ca79836f60fdaffc209a36089_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5c8ab23b7f2a15d1433256fe6680c13b34dd4e123ce55bbceb5da2e0947098b0_s390x",
"8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:ef2775e5c9c3d26d98221c679d55f8f07d0331803ab3ba53d51a1f64b71198e9_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:ffac4aab09e1567ed8d25d8a401032a88538a23693390d74f404a6c46ca437ab_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:48d73be0d01a4913ec69b06b04ca330adaa09d6268c2bbfc5938a7d4995aeb66_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:a66bf8844b65eda728b562994f22df5c29072b0a21dbd75a6cd259b1fb9f5ffe_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:f398a1bdd3fa678aa98a35d180005ba661f2a8ce4f17f4fe30415c284082b5b5_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0655e77f05d362b0436c3f0fea41cec77ef6928291444d65e00a911c05a26063_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:815c7c0278017d894f3a059eb7ca721739229c37e8777e7e127bdf27fa471bba_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:d1bea109ca85e381f015e18f1ee6ee4eb5f7b8876903663aded66e581bfa7dda_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:0b340bdd57d7a254db0b9bd875bae50619af6faf3686885a30720d0db57ac3e8_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:1f0bb97a4a23cdecc4bb887f26d362184d35a9add55844974c8f577155a62d6a_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:b4e2e17de6d611f358c671bd16b768c7961675d125a693b518861cb1ac72e942_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:3f9d0b9723a2e8071433a8fb7feb2000108702229a4281b26a02b5a2e45da7b7_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:7177e4f15fff74e74005daa12410a9481e8e98021185391dab20b1d4af294f59_s390x", 
"8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:82f2130357fd0b161f5df871aac0bfa5ac51a62f5161727ffb13e0a56c20bf93_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:39e9bfd8e3986e1eb909538d9d6ba3a9b5fd34c0d5b38ce43a437625a2a5c339_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:7cbade1bc717c611aead08262449649b39f3a296274fbe77cfc40e4e2d7c41f8_s390x", "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:d6e5fd11b5846fe352b62d589413503f54f55689abd2118968aebe9eea7fc6e9_ppc64le" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2021-23383" }, { "category": "external", "summary": "RHBZ#1956688", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956688" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23383", "url": "https://www.cve.org/CVERecord?id=CVE-2021-23383" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23383" } ], "release_date": "2021-04-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-17T02:22:53+00:00", "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html", "product_ids": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", 
"8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4628" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:07419114c8a894f9561e639a9af036ba57b808c20d8d5e04ffc4533e29a592c2_amd64", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:8af2047ad56faf9b704e54f93d7cca61bae34ace6946435ff6d82a5fe90a0884_ppc64le", "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:df544a9f4d3b4ee72aa1f83479088d094fb85b6ebfa0f4cb0329b29f2a794900_s390x" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option" } ] }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.