csaf_redhat - rhsa-2021

rhsa-2021_5191

Vulnerability from csaf_redhat

Published

2021-12-16 18:02

Modified

2024-11-22 17:44

Summary

Red Hat Security Advisory: Red Hat 3scale API Management 2.11.1 Release - Container Images

Notes

Topic

Red Hat 3scale API Management 2.11.1 Release - Container Images A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability listed as CVE link(s) in the References section.

Details

Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools. This advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1. Security Fix(es): * rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat 3scale API Management 2.11.1 Release - Container Images\n\nA security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability listed as CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.\n\nThis advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1.\n\nSecurity Fix(es):\n\n* rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5191",
        "url": "https://access.redhat.com/errata/RHSA-2021:5191"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index"
      },
      {
        "category": "external",
        "summary": "1912487",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912487"
      },
      {
        "category": "external",
        "summary": "THREESCALE-6868",
        "url": "https://issues.redhat.com/browse/THREESCALE-6868"
      },
      {
        "category": "external",
        "summary": "THREESCALE-6879",
        "url": "https://issues.redhat.com/browse/THREESCALE-6879"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7030",
        "url": "https://issues.redhat.com/browse/THREESCALE-7030"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7203",
        "url": "https://issues.redhat.com/browse/THREESCALE-7203"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7475",
        "url": "https://issues.redhat.com/browse/THREESCALE-7475"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7488",
        "url": "https://issues.redhat.com/browse/THREESCALE-7488"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7573",
        "url": "https://issues.redhat.com/browse/THREESCALE-7573"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7605",
        "url": "https://issues.redhat.com/browse/THREESCALE-7605"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7633",
        "url": "https://issues.redhat.com/browse/THREESCALE-7633"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7644",
        "url": "https://issues.redhat.com/browse/THREESCALE-7644"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7646",
        "url": "https://issues.redhat.com/browse/THREESCALE-7646"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7648",
        "url": "https://issues.redhat.com/browse/THREESCALE-7648"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7704",
        "url": "https://issues.redhat.com/browse/THREESCALE-7704"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7731",
        "url": "https://issues.redhat.com/browse/THREESCALE-7731"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7761",
        "url": "https://issues.redhat.com/browse/THREESCALE-7761"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7765",
        "url": "https://issues.redhat.com/browse/THREESCALE-7765"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7834",
        "url": "https://issues.redhat.com/browse/THREESCALE-7834"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7863",
        "url": "https://issues.redhat.com/browse/THREESCALE-7863"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7884",
        "url": "https://issues.redhat.com/browse/THREESCALE-7884"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7912",
        "url": "https://issues.redhat.com/browse/THREESCALE-7912"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7913",
        "url": "https://issues.redhat.com/browse/THREESCALE-7913"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5191.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat 3scale API Management 2.11.1 Release - Container Images",
    "tracking": {
      "current_release_date": "2024-11-22T17:44:10+00:00",
      "generator": {
        "date": "2024-11-22T17:44:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2021:5191",
      "initial_release_date": "2021-12-16T18:02:46+00:00",
      "revision_history": [
        {
          "date": "2021-12-16T18:02:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-16T18:02:46+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T17:44:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat 3Scale AMP 2.11",
                "product": {
                  "name": "Red Hat 3Scale AMP 2.11",
                  "product_id": "8Base-3scale-AMP-2.11-RHEL-8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:3scale_amp:2.11::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat 3Scale AMP 2.11",
                "product": {
                  "name": "Red Hat 3Scale AMP 2.11",
                  "product_id": "7Server-RH7-3scale-AMP-2.11",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:3scale_amp:2.11::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "3scale API Management"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
                "product": {
                  "name": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
                  "product_id": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8\u0026tag=1.20.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
                "product": {
                  "name": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
                  "product_id": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/backend-rhel8\u0026tag=1.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
                "product": {
                  "name": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
                  "product_id": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/memcached-rhel7\u0026tag=1.4.16-42"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
                "product": {
                  "name": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
                  "product_id": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/system-rhel7\u0026tag=1.15.1-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
                "product": {
                  "name": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
                  "product_id": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/zync-rhel8\u0026tag=1.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
                  "product_id": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator-metadata\u0026tag=2.11.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
                  "product_id": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator\u0026tag=1.14.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
                  "product_id": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator-metadata\u0026tag=2.11.1-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
                  "product_id": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator\u0026tag=1.14.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
                "product": {
                  "name": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
                  "product_id": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/toolbox-rhel8\u0026tag=1.7.1-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
                "product": {
                  "name": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
                  "product_id": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8\u0026tag=1.20.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
                "product": {
                  "name": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
                  "product_id": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/backend-rhel8\u0026tag=1.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
                "product": {
                  "name": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
                  "product_id": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/memcached-rhel7\u0026tag=1.4.16-42"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
                "product": {
                  "name": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
                  "product_id": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/system-rhel7\u0026tag=1.15.1-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le",
                "product": {
                  "name": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le",
                  "product_id": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/zync-rhel8\u0026tag=1.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
                  "product_id": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator-metadata\u0026tag=2.11.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
                  "product_id": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator\u0026tag=1.14.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
                  "product_id": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator-metadata\u0026tag=2.11.1-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
                  "product_id": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator\u0026tag=1.14.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
                "product": {
                  "name": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
                  "product_id": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/toolbox-rhel8\u0026tag=1.7.1-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le"
        },
        "product_reference": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64"
        },
        "product_reference": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64"
        },
        "product_reference": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le"
        },
        "product_reference": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64"
        },
        "product_reference": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le"
        },
        "product_reference": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le"
        },
        "product_reference": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64"
        },
        "product_reference": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le"
        },
        "product_reference": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64"
        },
        "product_reference": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64"
        },
        "product_reference": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
        },
        "product_reference": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-26247",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-12-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1912487"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Nokogiri. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XML External Entity (XXE) or Server-side request forgery (SSRF) attacks. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26247"
        },
        {
          "category": "external",
          "summary": "RHBZ#1912487",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912487"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26247"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26247",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26247"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-vr8q-g5c7-m54m",
          "url": "https://github.com/advisories/GHSA-vr8q-g5c7-m54m"
        }
      ],
      "release_date": "2020-12-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T18:02:46+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index",
          "product_ids": [
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5191"
        },
        {
          "category": "workaround",
          "details": "There are no known workarounds for affected versions. Please refer to the upstream advisory page for additional information.",
          "product_ids": [
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema"
    }
  ]
}

cve-2020-26247

Vulnerability from cvelistv5

Published

2020-12-30 00:00

Modified

2024-08-04 15:56

Severity ?

2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

Summary

XXE in Nokogiri

References

▼	URL	Tags
	https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
	https://rubygems.org/gems/nokogiri
	https://hackerone.com/reports/747489
	https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4
	https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b
	https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html	mailing-list
	https://security.gentoo.org/glsa/202208-29	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html	mailing-list

Impacted products

▼	Vendor	Product
	sparklemotion	nokogiri

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:56:04.939Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rubygems.org/gems/nokogiri"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/747489"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b"
          },
          {
            "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2678-1] ruby-nokogiri security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html"
          },
          {
            "name": "GLSA-202208-29",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-29"
          },
          {
            "name": "[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "nokogiri",
          "vendor": "sparklemotion",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.11.0.rc4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-12T00:00:00",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m"
        },
        {
          "url": "https://rubygems.org/gems/nokogiri"
        },
        {
          "url": "https://hackerone.com/reports/747489"
        },
        {
          "url": "https://github.com/sparklemotion/nokogiri/releases/tag/v1.11.0.rc4"
        },
        {
          "url": "https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b"
        },
        {
          "name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2678-1] ruby-nokogiri security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00007.html"
        },
        {
          "name": "GLSA-202208-29",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202208-29"
        },
        {
          "name": "[debian-lts-announce] 20221012 [SECURITY] [DLA 3149-1] ruby-nokogiri security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00018.html"
        }
      ],
      "source": {
        "advisory": "GHSA-vr8q-g5c7-m54m",
        "discovery": "UNKNOWN"
      },
      "title": "XXE in Nokogiri"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-26247",
    "datePublished": "2020-12-30T00:00:00",
    "dateReserved": "2020-10-01T00:00:00",
    "dateUpdated": "2024-08-04T15:56:04.939Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted