csaf_redhat - rhsa-2022

rhsa-2022_0226

Vulnerability from csaf_redhat

Published

2022-01-20 21:39

Modified

2024-09-18 02:36

Summary

Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.1.7)

Notes

Topic

An update is now available for OpenShift Logging (5.1.7) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

OpenShift Logging Bug Fix Release (5.1.7) Security Fix(es): * nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292) * log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update is now available for OpenShift Logging (5.1.7)\n\nRed Hat Product Security has rated this update as having a security impact of\nModerate. A Common Vulnerability Scoring System (CVSS) base score, which gives\na detailed severity rating, is available for each vulnerability from the CVE\nlink(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Logging Bug Fix Release (5.1.7)\n\nSecurity Fix(es):\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0226",
        "url": "https://access.redhat.com/errata/RHSA-2022:0226"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1940613",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613"
      },
      {
        "category": "external",
        "summary": "2035951",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_0226.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Enterprise Logging bug fix and security update (5.1.7)",
    "tracking": {
      "current_release_date": "2024-09-18T02:36:36+00:00",
      "generator": {
        "date": "2024-09-18T02:36:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2022:0226",
      "initial_release_date": "2022-01-20T21:39:00+00:00",
      "revision_history": [
        {
          "date": "2022-01-20T21:39:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-01-20T21:39:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-18T02:36:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.1",
                "product": {
                  "name": "OpenShift Logging 5.1",
                  "product_id": "8Base-OSE-LOGGING-5.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.1::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-102"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-98"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-97"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-102"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-108"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-102"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-98"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-97"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-102"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-108"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.1.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.1.7-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.1.7-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.1.7-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-102"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-98"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-97"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-102"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-108"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64 as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le as a component of OpenShift Logging 5.1",
          "product_id": "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-27292",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-03-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1940613"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in the npm library `ua-parser-js`. If a supplied user agent matches the `Noble` string and contains many spaces then the regex will conduct backtracking, taking an ever increasing amount of time depending on the number of spaces supplied. An attacker can use this vulnerability to potentially craft a malicious user agent resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While some components do package a vulnerable version of ua-parser-js, access to them requires OpenShift OAuth credentials and hence have been marked with a Low impact. This applies to the following products:\n  - OpenShift Container Platform (OCP)\n  - OpenShift ServiceMesh (OSSM) \n  - Red Hat OpenShift Jaeger (RHOSJ)\n  - Red Hat OpenShift Logging\n\nThe OCP presto-container does ship the vulnerable component, however since OCP 4.6 the Metering product has been deprecated [1], set as wont-fix and may be fixed in a future release.\n\nRed Hat Advanced Cluster Management for Kubernetes (RHACM) ships graphql-tools that pulls 0.7.23 version of ua-parser-js that uses the affected code.\n\n[1] - https://access.redhat.com/solutions/5707561",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-27292"
        },
        {
          "category": "external",
          "summary": "RHBZ#1940613",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940613"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-27292",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-27292"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27292"
        },
        {
          "category": "external",
          "summary": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76",
          "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76"
        }
      ],
      "release_date": "2021-02-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0226"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-ua-parser-js: ReDoS via malicious User-Agent header"
    },
    {
      "cve": "CVE-2021-44832",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2021-12-28T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2035951"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j-core: remote code execution via JDBC Appender",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Log4j 1.x is not impacted by this vulnerability. Therefore versions of log4j shipped with Red Hat Enterprise Linux are NOT affected by this flaw.\n\nFor Elasticsearch, as shipped in OpenShift Container Platform and OpenShift Logging, access to the log4j2.properties configuration is limited only to the cluster administrators and exploitation requires cluster logging changes, what reduced the impact of this vulnerability significantly [0].\n\n[0] https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476#update-jan-6-5",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
          "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
          "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-44832"
        },
        {
          "category": "external",
          "summary": "RHBZ#2035951",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-44832",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832"
        },
        {
          "category": "external",
          "summary": "https://issues.apache.org/jira/browse/LOG4J2-3293",
          "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
        }
      ],
      "release_date": "2021-12-28T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For OpenShift Container Platform 4.8 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nFor Red Hat OpenShift Logging 5.1, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.8/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0226"
        },
        {
          "category": "workaround",
          "details": "As per upstream:\n- In prior releases confirm that if the JDBC Appender is being used it is not configured to use any protocol other than Java.\n- Note that only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.",
          "product_ids": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-operator-bundle@sha256:cd21e02ce7d7900dd20083b561b98161199561726c310c1ff3f619b700a660d9_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:5f1436f57bc60663619d099cc54eac735a4ea885eb224a659b0aad66f14dcc36_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:8715b4821f39144aeb5d015e0621c859b45d3175c0f8415bd1542f7f7f063dec_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/cluster-logging-rhel8-operator@sha256:f96340f2ae0699d07b36e2e0e47bdda190635c276eb9122513f57b2f0ffd25f7_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-operator-bundle@sha256:8c60be512aa5cbec4247f2bcbcb0d829edc2f4b2c28ebd78673be8c15b4c4d99_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:75ad4b059c54e8c089de590a7dd0425a07049fb4721e83e894bf72dba2580fe7_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:7eca37c2de3ab91f5561bc30d6057dcc7e32dd3e41af9c78739b2c840d26f3d4_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-proxy-rhel8@sha256:b9025248fa3fe48e38e12409b77b93782a2c2977fd48cf43de74bfbf8ed4a016_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:0d759e02a84eaf59cffc0143b51fd922363f0488a537562731e5c71bbd555a92_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:747bf587b1cb27d3fc872f40938a8f3ded033c97eab756712ca2a427fbeee4f0_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch-rhel8-operator@sha256:df696bb6cc563e646f51ccd409c961cfb06b39f361857392ec80f30add0927ab_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:499aa444f1c77cc0e238577b35ce707a6233b7c10695aa058f036694cc65f62d_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b21561dc5237b5c9bc65ffdfa8e62d364a02631e0e06307883463357229ff06f_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/eventrouter-rhel8@sha256:b7706ebba12fba423afe2b333677aa4fa16ecd72cfcd2c5b076dfb34d5d400e6_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:2eb43cd05fa769240e683de25d8913ea1379c0f69d656dec66efd7d4f5e70217_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:63a5e130e712bf0292167f0aa8c3018b77bdb73042160fd14057d4678ff613ff_ppc64le",
            "8Base-OSE-LOGGING-5.1:openshift-logging/fluentd-rhel8@sha256:dd94d77116595d5aede41e3fdd38681767a0ac294b743b9d608268fef97720d1_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:318f21b10f1b22d14a0bf0d895c597e29f498442bc90fb5c26886e696fbe68a5_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:86302d1e4e1729fd7364b4db5061b4762c683f9d27ed09a7e1489406ac783d21_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/kibana6-rhel8@sha256:b43d04bc71797caab0d1b6bb5f14d18a04b09fee5272e9e03d50056dbb2116fc_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:007deae6e82e1d870385f2c9ed90c1783f9fdb3aca0b97349a66a97e4380b9b4_amd64",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:3e971f5c333ced1166981d713355fd55f984108cd50bf458b9ea29eb637df9ce_s390x",
            "8Base-OSE-LOGGING-5.1:openshift-logging/elasticsearch6-rhel8@sha256:9b1a4b2ca3c32aa6a8a5bbcb28af0e6bbd0ea5368ab317e8a0dc7ba5f9b0ddc4_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "log4j-core: remote code execution via JDBC Appender"
    }
  ]
}

cve-2021-27292

Vulnerability from cvelistv5

Published

2021-03-17 12:34

Modified

2024-08-03 20:48

Severity

Summary

ua-parser-js >= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time.

References

URL	Tags
https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14	x_refsource_MISC
https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76	x_refsource_MISC
https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566	x_refsource_MISC

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T20:48:16.474Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ua-parser-js \u003e= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-18T15:55:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-27292",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ua-parser-js \u003e= 0.7.14, fixed in 0.7.24, uses a regular expression which is vulnerable to denial of service. If an attacker sends a malicious User-Agent header, ua-parser-js will get stuck processing it for an extended period of time."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14",
              "refsource": "MISC",
              "url": "https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14"
            },
            {
              "name": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76",
              "refsource": "MISC",
              "url": "https://gist.github.com/b-c-ds/6941d80d6b4e694df4bc269493b7be76"
            },
            {
              "name": "https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566",
              "refsource": "MISC",
              "url": "https://github.com/faisalman/ua-parser-js/commit/809439e20e273ce0d25c1d04e111dcf6011eb566"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-27292",
    "datePublished": "2021-03-17T12:34:48",
    "dateReserved": "2021-02-16T00:00:00",
    "dateUpdated": "2024-08-03T20:48:16.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44832

Vulnerability from cvelistv5

Published

2021-12-28 19:35

Modified

2024-08-04 04:32

Severity

Summary

Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration

References

URL	Tags
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd	vendor-advisory, x_refsource_CISCO
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143	x_refsource_MISC
https://issues.apache.org/jira/browse/LOG4J2-3293	x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/12/28/1	mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html	mailing-list, x_refsource_MLIST
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/	vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/	vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpujan2022.html	x_refsource_MISC
https://security.netapp.com/advisory/ntap-20220104-0001/	x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuapr2022.html	x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC

Impacted products

Vendor	Product
Apache Software Foundation	Apache Log4j2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
          },
          {
            "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
          },
          {
            "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
          },
          {
            "name": "FEDORA-2021-c6f471ce0f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
          },
          {
            "name": "FEDORA-2021-1bd9151bab",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j2",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.13.0",
                  "status": "affected"
                },
                {
                  "at": "2.12.4",
                  "status": "unaffected"
                },
                {
                  "at": "2.4",
                  "status": "affected"
                },
                {
                  "at": "2.3.2",
                  "status": "unaffected"
                },
                {
                  "at": "2.0-beta7",
                  "status": "affected"
                }
              ],
              "lessThan": "2.17.1",
              "status": "affected",
              "version": "log4j-core",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:41:33",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
        },
        {
          "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
        },
        {
          "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
        },
        {
          "name": "FEDORA-2021-c6f471ce0f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
        },
        {
          "name": "FEDORA-2021-1bd9151bab",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "defect": [
          "LOG4J2-3293",
          ""
        ],
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-12-27T00:00:00",
          "value": "reported"
        },
        {
          "lang": "en",
          "time": "2021-12-27T00:00:00",
          "value": "patch proposed, 2.17.1-rc1"
        },
        {
          "lang": "en",
          "time": "2021-12-28T00:00:00",
          "value": "fixed"
        },
        {
          "lang": "en",
          "time": "2021-12-28T00:00:00",
          "value": "public"
        }
      ],
      "title": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-44832",
          "STATE": "PUBLIC",
          "TITLE": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Log4j2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.17.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.13.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.12.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.3.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.0-beta7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
            },
            {
              "name": "https://issues.apache.org/jira/browse/LOG4J2-3293",
              "refsource": "MISC",
              "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
            },
            {
              "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
            },
            {
              "name": "FEDORA-2021-c6f471ce0f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
            },
            {
              "name": "FEDORA-2021-1bd9151bab",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220104-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "defect": [
            "LOG4J2-3293",
            ""
          ],
          "discovery": "UNKNOWN"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-12-27T00:00:00",
            "value": "reported"
          },
          {
            "lang": "en",
            "time": "2021-12-27T00:00:00",
            "value": "patch proposed, 2.17.1-rc1"
          },
          {
            "lang": "en",
            "time": "2021-12-28T00:00:00",
            "value": "fixed"
          },
          {
            "lang": "en",
            "time": "2021-12-28T00:00:00",
            "value": "public"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-44832",
    "datePublished": "2021-12-28T19:35:11",
    "dateReserved": "2021-12-11T00:00:00",
    "dateUpdated": "2024-08-04T04:32:13.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2022_0226

Vulnerability from csaf_redhat

cve-2021-27292

Vulnerability from cvelistv5

cve-2021-44832

Vulnerability from cvelistv5

Tags