rhsa-2022_0721
Vulnerability from csaf_redhat
Published
2022-03-01 14:05
Modified
2024-11-15 07:36
Summary
Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.3.5)

Notes

Topic
OpenShift Logging bug fix and security update (5.3.5) Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
OpenShift Logging bug fix and security update (5.3.5) Security Fix(es): * jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491) * origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift Logging bug fix and security update (5.3.5)\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift Logging bug fix and security update (5.3.5)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor:  Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:0721",
        "url": "https://access.redhat.com/errata/RHSA-2022:0721"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "1930423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
      },
      {
        "category": "external",
        "summary": "2052539",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
      },
      {
        "category": "external",
        "summary": "LOG-2182",
        "url": "https://issues.redhat.com/browse/LOG-2182"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_0721.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.3.5)",
    "tracking": {
      "current_release_date": "2024-11-15T07:36:14+00:00",
      "generator": {
        "date": "2024-11-15T07:36:14+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2022:0721",
      "initial_release_date": "2022-03-01T14:05:10+00:00",
      "revision_history": [
        {
          "date": "2022-03-01T14:05:10+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-03-01T14:05:10+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T07:36:14+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "OpenShift Logging 5.3",
                "product": {
                  "name": "OpenShift Logging 5.3",
                  "product_id": "8Base-OSE-LOGGING-5.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:logging:5.3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-130"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-94"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-88"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-124"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a?arch=s390x\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-142"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64",
                "product": {
                  "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64",
                  "product_id": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-operator-bundle\u0026tag=v5.3.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64",
                  "product_id": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-operator-bundle\u0026tag=v5.3.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-130"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-94"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-88"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-124"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541?arch=amd64\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-142"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le",
                "product": {
                  "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le",
                  "product_id": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator\u0026tag=v5.3.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-rhel8-operator\u0026tag=v5.3.5-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le",
                  "product_id": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch-proxy-rhel8\u0026tag=v1.0.0-130"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le",
                "product": {
                  "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le",
                  "product_id": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/log-file-metric-exporter-rhel8\u0026tag=v1.0.0-94"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le",
                "product": {
                  "name": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le",
                  "product_id": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/logging-curator5-rhel8\u0026tag=v5.8.1-88"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le",
                "product": {
                  "name": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le",
                  "product_id": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/elasticsearch6-rhel8\u0026tag=v6.8.1-123"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le",
                "product": {
                  "name": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le",
                  "product_id": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/eventrouter-rhel8\u0026tag=v0.3.0-125"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le",
                "product": {
                  "name": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le",
                  "product_id": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/fluentd-rhel8\u0026tag=v1.7.4-124"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le",
                "product": {
                  "name": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le",
                  "product_id": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-logging/kibana6-rhel8\u0026tag=v6.8.1-142"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64"
        },
        "product_reference": "openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le"
        },
        "product_reference": "openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x"
        },
        "product_reference": "openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x"
        },
        "product_reference": "openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64"
        },
        "product_reference": "openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x"
        },
        "product_reference": "openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64 as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le as a component of OpenShift Logging 5.3",
          "product_id": "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le"
        },
        "product_reference": "openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le",
        "relates_to_product_reference": "8Base-OSE-LOGGING-5.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-28491",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-02-18T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1930423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In OpenShift Container Platform (OCP), the hive/presto/hadoop components that comprise the OCP metering stack, ship the vulnerable version of jackson-dataformat-cbor.\nSince the release of OCP 4.6, the metering product has been deprecated [1], hence the affected components are marked as wontfix.\nThis may be fixed in the future.\n\nIn OCP 4.6 the openshift4/ose-logging-elasticsearch6 container delivers the vulnerable version of jackson-dataformat-cbor, but OCP 4.6 is Out Of Support Scope (OOSS) for Moderate and Low impact vulnerabilities because it is now in the Maintenance Phase of the support, hence this component is marked as ooss. Since the release of OCP 4.7 this component is delivered as part of the OpenShift Logging product (openshift-logging/elasticsearch6-rhel8 container).\n\n[1] https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-release-notes.html#ocp-4-6-metering-operator-deprecated",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "RHBZ#1930423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-28491",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28491"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329",
          "url": "https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONDATAFORMAT-1047329"
        }
      ],
      "release_date": "2021-02-18T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-03-01T14:05:10+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0721"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception"
    },
    {
      "cve": "CVE-2022-0552",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2022-02-09T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2052539"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE only applies to the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container image, shipped in OpenShift Logging 5.1, 5.2. and 5.3.\nhttps://access.redhat.com/errata/RHSA-2021:5128\nhttps://access.redhat.com/errata/RHSA-2021:5127\nhttps://access.redhat.com/errata/RHSA-2021:5129",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le"
        ],
        "known_not_affected": [
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-operator-bundle@sha256:f5ac97299bfda317727e6183382bb86b95aed1c2bc09ab54aad385e1a8858e63_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:467401c3ee624cd2865a1fb452a61eff279db33210d257d7b1a40ac2bd1bf673_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:af8ba54b3b2a20c7213a488ed4dfa8cc23a1b191876ac0153b1721ead5ee25cd_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/cluster-logging-rhel8-operator@sha256:b9738cefdb34c7aea5c1f85be131cfe954db68dfe92cd68695a9fe3ba0bb3f80_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-operator-bundle@sha256:00a4fa1ea4d2b2f3bf01e7619c82a82c6311074826529b17e2da963fc674ea71_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:008d0a08f6709e43256f24e8f2e1d09c741fed0ce44fd797841758074e13a706_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:094d032c064e9070a854b22cbb17b6c6ee2a13d79d7fb2ea280d9317bea9c127_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-proxy-rhel8@sha256:cf47538a0d80f98aa381d7ab4c494edd39966c008096cfd401816f7314fcf297_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:b31540b3d83ca8662490adde87ff2476409af79732cb6ece25fa5978d53dcb7f_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ec92e6a2f50b449c4d3be9f18be755d27472dc78507dba507b94ab6e99e1ffbe_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch-rhel8-operator@sha256:ed698ce3b82a28fdb8c840a8044582267aeac63f5efc5f738b07c47702bdc415_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:52aebe51beff433a07e082dd6e216d829c0ae9550619e2328439711e5500d669_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:8edfdc9d20c8b27a9db95a60f22b47b301d256ca2a5065221fff6f9e9d264967_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/eventrouter-rhel8@sha256:ebe6b31d2539e1f681fae6c8cfea976b49713b312664109cd8417ad44627104e_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:66211196d4ff951e4cca7a14cba3f68ef53f8f1c9b519d4c003dcb7453354092_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:682ab65a22b1cae091d350a64e1e257e2ee60d5c1ace0b7a48ebfc3def12d653_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/fluentd-rhel8@sha256:6ef44ba2113a4bb01f60303e6d3fc1a266f66c819835059775691ec2efc56012_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:23f9af5bdcab236bab3a69be91d0a28109ded4c5ba8b3aa003dbda4d61a96e6a_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:e23695d5de32cca92ca32975ae9b0675b4727ea3d08c1b6d22b20d4ac7bc812b_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/kibana6-rhel8@sha256:f7d953873ae6217c5770ed723d3c8af955bd94da5a3019a1e16731e6fc4bd541_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:bff9a31f21dc09ff3f360283105a0909a784dad6e645d8df2ceaad0d0452e89d_ppc64le",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:e2d366572b10506dd9b434c068552b58444c8b41c8310ad96aaeeafc942b2720_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/log-file-metric-exporter-rhel8@sha256:fe256c90e0075d9e8a3bd7a75454057af22b3f563aeee96ff6fba0dfcabe3d4f_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:2083543ee79daf0f1cd7038de95a0ba750793401756ab83fe32a778401b7a851_s390x",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:4468638de88d588631009c5084f68235ddabfea9feb06f1b0cf804e010934853_amd64",
          "8Base-OSE-LOGGING-5.3:openshift-logging/logging-curator5-rhel8@sha256:f68ec854c7a504e0c48eb1c6713fcce385475e15013ec6ae76dbed8806b19955_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "RHBZ#2052539",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2052539"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0552",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0552"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/cve/CVE-2021-21409",
          "url": "https://access.redhat.com/security/cve/CVE-2021-21409"
        }
      ],
      "release_date": "2022-02-28T10:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-03-01T14:05:10+00:00",
          "details": "For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nFor Red Hat OpenShift Logging 5.3, see the following instructions to apply this update:\n\nhttps://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html",
          "product_ids": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:0721"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:481473fbd18dc15b86f2f6fdfd3bdfe2a4c7b7cf15bcf2f7ce905716af58e6e5_s390x",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:6245ddb9e393fe3d43fdc9f5c98158670b98cde48488204f23a4485276da32f9_amd64",
            "8Base-OSE-LOGGING-5.3:openshift-logging/elasticsearch6-rhel8@sha256:7a0496256e0a18bea6e499ee315bd42a13d49ef42fe5092fa43601553803f833_ppc64le"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.