rhsa-2021_5191
Vulnerability from csaf_redhat
Published
2021-12-16 18:02
Modified
2024-11-06 00:15
Summary
Red Hat Security Advisory: Red Hat 3scale API Management 2.11.1 Release - Container Images

Notes

Topic
Red Hat 3scale API Management 2.11.1 Release - Container Images
A security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability listed as CVE link(s) in the References section.
Details
Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
This advisory is intended for use with Container Images, for Red Hat 3scale API Management 2.11.1.
Security Fix(es):
* rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat 3scale API Management 2.11.1 Release - Container Images\n\nA security update for Red Hat 3scale API Management is now available from the Red Hat Container Catalog.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability listed as CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat 3scale API Management delivers centralized API management features through a distributed, cloud-hosted layer. It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.\n\nThis advisory is intended to use with Container Images, for Red Hat 3scale API Management 2.11.1.\n\nSecurity Fix(es):\n\n* rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema (CVE-2020-26247)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2021:5191",
        "url": "https://access.redhat.com/errata/RHSA-2021:5191"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index"
      },
      {
        "category": "external",
        "summary": "1912487",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912487"
      },
      {
        "category": "external",
        "summary": "THREESCALE-6868",
        "url": "https://issues.redhat.com/browse/THREESCALE-6868"
      },
      {
        "category": "external",
        "summary": "THREESCALE-6879",
        "url": "https://issues.redhat.com/browse/THREESCALE-6879"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7030",
        "url": "https://issues.redhat.com/browse/THREESCALE-7030"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7203",
        "url": "https://issues.redhat.com/browse/THREESCALE-7203"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7475",
        "url": "https://issues.redhat.com/browse/THREESCALE-7475"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7488",
        "url": "https://issues.redhat.com/browse/THREESCALE-7488"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7573",
        "url": "https://issues.redhat.com/browse/THREESCALE-7573"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7605",
        "url": "https://issues.redhat.com/browse/THREESCALE-7605"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7633",
        "url": "https://issues.redhat.com/browse/THREESCALE-7633"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7644",
        "url": "https://issues.redhat.com/browse/THREESCALE-7644"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7646",
        "url": "https://issues.redhat.com/browse/THREESCALE-7646"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7648",
        "url": "https://issues.redhat.com/browse/THREESCALE-7648"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7704",
        "url": "https://issues.redhat.com/browse/THREESCALE-7704"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7731",
        "url": "https://issues.redhat.com/browse/THREESCALE-7731"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7761",
        "url": "https://issues.redhat.com/browse/THREESCALE-7761"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7765",
        "url": "https://issues.redhat.com/browse/THREESCALE-7765"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7834",
        "url": "https://issues.redhat.com/browse/THREESCALE-7834"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7863",
        "url": "https://issues.redhat.com/browse/THREESCALE-7863"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7884",
        "url": "https://issues.redhat.com/browse/THREESCALE-7884"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7912",
        "url": "https://issues.redhat.com/browse/THREESCALE-7912"
      },
      {
        "category": "external",
        "summary": "THREESCALE-7913",
        "url": "https://issues.redhat.com/browse/THREESCALE-7913"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_5191.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat 3scale API Management 2.11.1 Release - Container Images",
    "tracking": {
      "current_release_date": "2024-11-06T00:15:37+00:00",
      "generator": {
        "date": "2024-11-06T00:15:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2021:5191",
      "initial_release_date": "2021-12-16T18:02:46+00:00",
      "revision_history": [
        {
          "date": "2021-12-16T18:02:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2021-12-16T18:02:46+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-06T00:15:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat 3Scale AMP 2.11",
                "product": {
                  "name": "Red Hat 3Scale AMP 2.11",
                  "product_id": "8Base-3scale-AMP-2.11-RHEL-8",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:3scale_amp:2.11::el8"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat 3Scale AMP 2.11",
                "product": {
                  "name": "Red Hat 3Scale AMP 2.11",
                  "product_id": "7Server-RH7-3scale-AMP-2.11",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:3scale_amp:2.11::el7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "3scale API Management"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
                "product": {
                  "name": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
                  "product_id": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8\u0026tag=1.20.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
                "product": {
                  "name": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
                  "product_id": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/backend-rhel8\u0026tag=1.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
                "product": {
                  "name": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
                  "product_id": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/memcached-rhel7\u0026tag=1.4.16-42"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
                "product": {
                  "name": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
                  "product_id": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/system-rhel7\u0026tag=1.15.1-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
                "product": {
                  "name": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
                  "product_id": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/zync-rhel8\u0026tag=1.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
                  "product_id": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator-metadata\u0026tag=2.11.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
                  "product_id": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator\u0026tag=1.14.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
                  "product_id": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator-metadata\u0026tag=2.11.1-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
                  "product_id": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator\u0026tag=1.14.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
                "product": {
                  "name": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
                  "product_id": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb?arch=amd64\u0026repository_url=registry.redhat.io/3scale-amp2/toolbox-rhel8\u0026tag=1.7.1-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
                "product": {
                  "name": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
                  "product_id": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-gateway-rhel8\u0026tag=1.20.1-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
                "product": {
                  "name": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
                  "product_id": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/backend-rhel8\u0026tag=1.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
                "product": {
                  "name": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
                  "product_id": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/memcached-rhel7\u0026tag=1.4.16-42"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
                "product": {
                  "name": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
                  "product_id": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/system-rhel7\u0026tag=1.15.1-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le",
                "product": {
                  "name": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le",
                  "product_id": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/zync-rhel8\u0026tag=1.14.1-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
                  "product_id": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator-metadata\u0026tag=2.11.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
                "product": {
                  "name": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
                  "product_id": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/apicast-rhel7-operator\u0026tag=1.14.1-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
                  "product_id": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator-metadata\u0026tag=2.11.1-33"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
                "product": {
                  "name": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
                  "product_id": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/3scale-rhel7-operator\u0026tag=1.14.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
                "product": {
                  "name": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
                  "product_id": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25?arch=ppc64le\u0026repository_url=registry.redhat.io/3scale-amp2/toolbox-rhel8\u0026tag=1.7.1-5"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le"
        },
        "product_reference": "3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64"
        },
        "product_reference": "3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le"
        },
        "product_reference": "3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64"
        },
        "product_reference": "3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64"
        },
        "product_reference": "3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le"
        },
        "product_reference": "3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
        "relates_to_product_reference": "7Server-RH7-3scale-AMP-2.11"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64"
        },
        "product_reference": "3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le"
        },
        "product_reference": "3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le"
        },
        "product_reference": "3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64"
        },
        "product_reference": "3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le"
        },
        "product_reference": "3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64"
        },
        "product_reference": "3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64 as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64"
        },
        "product_reference": "3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le as a component of Red Hat 3Scale AMP 2.11",
          "product_id": "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
        },
        "product_reference": "3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le",
        "relates_to_product_reference": "8Base-3scale-AMP-2.11-RHEL-8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-26247",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-12-30T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1912487"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Nokogiri. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XML External Entity (XXE) or Server-side request forgery (SSRF) attacks. The highest threat from this vulnerability is to data confidentiality.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
          "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
          "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-26247"
        },
        {
          "category": "external",
          "summary": "RHBZ#1912487",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912487"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-26247",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-26247"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-26247",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26247"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-vr8q-g5c7-m54m",
          "url": "https://github.com/advisories/GHSA-vr8q-g5c7-m54m"
        }
      ],
      "release_date": "2020-12-30T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2021-12-16T18:02:46+00:00",
          "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.11/html-single/installing_3scale/index",
          "product_ids": [
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2021:5191"
        },
        {
          "category": "workaround",
          "details": "There are no known workarounds for affected versions. Please refer to the upstream advisory page for additional information.",
          "product_ids": [
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:52beda035f75cd318b9648736bcbb5450b1201d02e24991b9f283286822fef10_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator-metadata@sha256:625d03241c1774de7e73182fa3bd487b8d2a37e71223c0286cee80461424ec36_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:0eb85546aa897e620a80589c4feb17fd567cab22008c15f68856af891b82f3a3_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/3scale-rhel7-operator@sha256:2d88b59f54b3446fd1e146ed232549e8f0c0f199d05ba63c5c35a6687eab3c0d_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:3cdddf4944527a760c6b9b83a80761ca103a54bef52c29c6554b64fcf932892d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator-metadata@sha256:52814fc1073461e8b30651469b47ef9fc9fffcf26ed6f0c7a59f2cb528271df4_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:971887fcec5b0ac7f2a0920a1ed93e22087b930e19c49726721617b3a8695fcf_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/apicast-rhel7-operator@sha256:db6d0effa8860adad6b7af7140f2673c84ea371bd6ffe337591b61ad1ad11a5d_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:c8ad2764f7847f93ddeb80abf6434db7d5e10207aa233514230064c170f0db2a_ppc64le",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/memcached-rhel7@sha256:e88d866f2538f3bd556715cce8d50e1310a346a679b4f1ed0e77696d0937998a_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:32852c1ef328d9856012f8ae95b8ae755cd563422d24da6f36a41d3bb55a9d25_amd64",
            "7Server-RH7-3scale-AMP-2.11:3scale-amp2/system-rhel7@sha256:6af9c5133729b0d13cafd5ca3852252b1d8e9298095d1a078abe6569e84fd1cb_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:2cce2b4dd44a06c6d08ee85e6c586ee8736a8b792edfd404d857e1b80758771e_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/apicast-gateway-rhel8@sha256:e8a8bfcc5e197593fc5b597e47899ae5c8f4289d16d162e683c0b59509eb1ddd_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:10818e4c115a4f6590eb452d401d96a4c43225803434608a7320bd7fa27d5019_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/backend-rhel8@sha256:2ac5e91302bd75d97fbae9192ac776a19eb48141773db4cb39ba2f907c740682_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:89a7f8228a70fb6fdc0408b6e995660967ccee5b627ac3f3cc81fb64d04c7c25_ppc64le",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/toolbox-rhel8@sha256:cbff9001b7fb3af8b890a50834739a20b5fab7d186ddb3d171ebcf5abdffaebb_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:586cb426e8363239abb94ccce8c85141b26bf50e04a5a05989905f4318be80b9_amd64",
            "8Base-3scale-AMP-2.11-RHEL-8:3scale-amp2/zync-rhel8@sha256:8ce669e94ac7a53a4b1b608a34c65aacc1922ea572386960747e12b378900cde_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "rubygem-nokogiri: XML external entity injection via Nokogiri::XML::Schema"
    }
  ]
}

