csaf_redhat - rhsa-2022

rhsa-2022_5483

Vulnerability from csaf_redhat

Published

2022-07-01 09:52

Modified

2024-09-18 04:49

Summary

Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update

Notes

Topic

The Migration Toolkit for Containers (MTC) 1.7.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Security Fix(es) from Bugzilla: * nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807) * node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235) * follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The Migration Toolkit for Containers (MTC) 1.7.2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es) from Bugzilla:\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)\n\n* follow-redirects: Exposure of Sensitive Information via Authorization Header leak (CVE-2022-0536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2022:5483",
        "url": "https://access.redhat.com/errata/RHSA-2022:5483"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2007557",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
      },
      {
        "category": "external",
        "summary": "2038898",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2038898"
      },
      {
        "category": "external",
        "summary": "2040693",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040693"
      },
      {
        "category": "external",
        "summary": "2040695",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2040695"
      },
      {
        "category": "external",
        "summary": "2044591",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
      },
      {
        "category": "external",
        "summary": "2048537",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2048537"
      },
      {
        "category": "external",
        "summary": "2053259",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
      },
      {
        "category": "external",
        "summary": "2055658",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2055658"
      },
      {
        "category": "external",
        "summary": "2056962",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2056962"
      },
      {
        "category": "external",
        "summary": "2058172",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058172"
      },
      {
        "category": "external",
        "summary": "2058529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2058529"
      },
      {
        "category": "external",
        "summary": "2061335",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2061335"
      },
      {
        "category": "external",
        "summary": "2062266",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062266"
      },
      {
        "category": "external",
        "summary": "2062862",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2062862"
      },
      {
        "category": "external",
        "summary": "2074675",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2074675"
      },
      {
        "category": "external",
        "summary": "2076593",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076593"
      },
      {
        "category": "external",
        "summary": "2076599",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2076599"
      },
      {
        "category": "external",
        "summary": "2078459",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078459"
      },
      {
        "category": "external",
        "summary": "2079252",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2079252"
      },
      {
        "category": "external",
        "summary": "2082221",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082221"
      },
      {
        "category": "external",
        "summary": "2082225",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082225"
      },
      {
        "category": "external",
        "summary": "2088022",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088022"
      },
      {
        "category": "external",
        "summary": "2088026",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2088026"
      },
      {
        "category": "external",
        "summary": "2089126",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089126"
      },
      {
        "category": "external",
        "summary": "2089411",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089411"
      },
      {
        "category": "external",
        "summary": "2089859",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089859"
      },
      {
        "category": "external",
        "summary": "2090317",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2090317"
      },
      {
        "category": "external",
        "summary": "2096939",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096939"
      },
      {
        "category": "external",
        "summary": "2100486",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2100486"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5483.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.2 security and bug fix update",
    "tracking": {
      "current_release_date": "2024-09-18T04:49:08+00:00",
      "generator": {
        "date": "2024-09-18T04:49:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2022:5483",
      "initial_release_date": "2022-07-01T09:52:30+00:00",
      "revision_history": [
        {
          "date": "2022-07-01T09:52:30+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2022-07-01T09:52:30+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-18T04:49:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "8Base-RHMTC-1.7",
                "product": {
                  "name": "8Base-RHMTC-1.7",
                  "product_id": "8Base-RHMTC-1.7",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhmt:1.7::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Migration Toolkit"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
                  "product_id": "rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-controller-rhel8\u0026tag=v1.7.2-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
                  "product_id": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-legacy-rhel8-operator\u0026tag=v1.7.2-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
                  "product_id": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-log-reader-rhel8\u0026tag=v1.7.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
                  "product_id": "rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-must-gather-rhel8\u0026tag=v1.7.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
                  "product_id": "rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-openvpn-rhel8\u0026tag=v1.7.2-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
                  "product_id": "rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rhel8-operator\u0026tag=v1.7.2-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
                  "product_id": "rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-operator-bundle\u0026tag=v1.7.2-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
                  "product_id": "rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-registry-rhel8\u0026tag=v1.7.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
                  "product_id": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-rsync-transfer-rhel8\u0026tag=v1.7.2-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64",
                  "product_id": "rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-ui-rhel8\u0026tag=v1.7.2-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-rhel8\u0026tag=v1.7.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-aws-rhel8\u0026tag=v1.7.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8\u0026tag=v1.7.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8\u0026tag=v1.7.2-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
                "product": {
                  "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
                  "product_id": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-migration-velero-restic-restore-helper-rhel8\u0026tag=v1.7.2-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64",
                "product": {
                  "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64",
                  "product_id": "rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c?arch=amd64\u0026repository_url=registry.redhat.io/rhmtc/openshift-velero-plugin-rhel8\u0026tag=v1.7.2-3"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64"
        },
        "product_reference": "rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64 as a component of 8Base-RHMTC-1.7",
          "product_id": "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64"
        },
        "product_reference": "rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64",
        "relates_to_product_reference": "8Base-RHMTC-1.7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3807",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2021-09-17T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2007557"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "RHBZ#2007557",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
          "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
        }
      ],
      "release_date": "2021-09-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
    },
    {
      "cve": "CVE-2022-0235",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "discovery_date": "2022-01-16T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2044591"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-fetch. When following a redirect to a third-party domain, node-fetch was forwarding sensitive headers such as \"Authorization,\" \"WWW-Authenticate,\" and \"Cookie\" to potentially untrusted targets. This flaw leads to the exposure of sensitive information to an unauthorized actor.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-fetch: exposure of sensitive information to an unauthorized actor",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw is out of support scope for dotnet-5.0. For more information about Dotnet product support scope, please see https://access.redhat.com/support/policy/updates/net-core",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "RHBZ#2044591",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2044591"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0235"
        },
        {
          "category": "external",
          "summary": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/",
          "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7/"
        }
      ],
      "release_date": "2022-01-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "node-fetch: exposure of sensitive information to an unauthorized actor"
    },
    {
      "cve": "CVE-2022-0536",
      "cwe": {
        "id": "CWE-212",
        "name": "Improper Removal of Sensitive Information Before Storage or Transfer"
      },
      "discovery_date": "2022-02-10T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
            "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2053259"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the follow-redirects package. This flaw allows the exposure of sensitive information to an unauthorized actor due to the usage of insecure HTTP protocol. This issue happens with an Authorization header leak from the same hostname, https-http, and requires a Man-in-the-Middle (MITM) attack.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
        ],
        "known_not_affected": [
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-controller-rhel8@sha256:12634213bd9cc156040443170c744d5d74bf0fbfc09a003fd24687265802315d_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-legacy-rhel8-operator@sha256:49c4d1d018cfe3cf36b1e32e3b5ff786d67032005a27a9f3918f94a0c43a2a16_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-log-reader-rhel8@sha256:6f882ba9232f847055af791246fbe9da70ffae4b478bc6a7bba90d7d21cf7946_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-must-gather-rhel8@sha256:aadfd9a92a70a1d18ebcdefe6c9ce9a8e7ab7e8b7d1a5e73a062d99d18997e0e_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-openvpn-rhel8@sha256:44309e4ecd3e796de6659864bd6aedac334d14ad1adf2ce65fe9ac1c9d889d91_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-operator-bundle@sha256:697a0375f3ff849b4b3d17c203ba8df25d194482655932de7af1bdd35b4cc07a_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-registry-rhel8@sha256:7ac7b18d9c211169962890a2333fd72974406dbd8942feb8c9df0e05929bbb7b_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rhel8-operator@sha256:f54941290c1381334b4767a0e13d3e3f7c415f7391f676b70628d898d6ff4cb2_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-rsync-transfer-rhel8@sha256:7240fbb6ab13949cbc48485e0c30b6e7082f4e0bd505173cf0c33926c98720d9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-aws-rhel8@sha256:5e829c1a838510d26a31a4a6e459bb1daabf145a17e1df62dbf137dadd4cb5b8_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-gcp-rhel8@sha256:3ca8294a9be3ca32a25f9083661fcae16a297a8cb487a9c30e9397f172f6edc9_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-plugin-for-microsoft-azure-rhel8@sha256:03191a4eba3db81aa04c6f28419b685ab4f877ef9db29997dac098cb900ce3b4_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-restic-restore-helper-rhel8@sha256:b952ae7f6662ad82c054f213a19f243186059e787ae28243b504dd4f24a98610_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-migration-velero-rhel8@sha256:f1e6241861004c7c0e4df612473e824bbb3431d85f25fa1b91e0889f511f504f_amd64",
          "8Base-RHMTC-1.7:rhmtc/openshift-velero-plugin-rhel8@sha256:3ea042d0a976879d939ec0d669855590b5b0ef0735623b31b21b21b2c4091d4c_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-0536"
        },
        {
          "category": "external",
          "summary": "RHBZ#2053259",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2053259"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-0536",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-0536"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0536"
        }
      ],
      "release_date": "2022-02-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "For details on how to install and use MTC, refer to:\n\nhttps://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html",
          "product_ids": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2022:5483"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHMTC-1.7:rhmtc/openshift-migration-ui-rhel8@sha256:647fd52462128ba60ae9db9d3b1a8c3559dd944f43ca19126478d60d998bf029_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "follow-redirects: Exposure of Sensitive Information via Authorization Header leak"
    }
  ]
}

cve-2022-0536

Vulnerability from cvelistv5

Published

2022-02-09 10:45

Modified

2024-08-02 23:32

Severity

2.6 (Low) - cvssV3_1 - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects/follow-redirects

References

URL	Tags
https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db	x_refsource_CONFIRM
https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445	x_refsource_MISC

Impacted products

Vendor	Product
follow-redirects	follow-redirects/follow-redirects

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.161Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "follow-redirects/follow-redirects",
          "vendor": "follow-redirects",
          "versions": [
            {
              "lessThan": "1.14.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.\u003c/p\u003e"
            }
          ],
          "value": "Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-212",
              "description": "CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-02T08:48:13.471Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445"
        }
      ],
      "source": {
        "advisory": "7cf2bf90-52da-4d59-8028-a73b132de0db",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Removal of Sensitive Information Before Storage or Transfer in follow-redirects/follow-redirects",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0536",
          "STATE": "PUBLIC",
          "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects/follow-redirects"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "follow-redirects/follow-redirects",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.14.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "follow-redirects"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/7cf2bf90-52da-4d59-8028-a73b132de0db"
            },
            {
              "name": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445",
              "refsource": "MISC",
              "url": "https://github.com/follow-redirects/follow-redirects/commit/62e546a99c07c3ee5e4e0718c84a6ca127c5c445"
            }
          ]
        },
        "source": {
          "advisory": "7cf2bf90-52da-4d59-8028-a73b132de0db",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0536",
    "datePublished": "2022-02-09T10:45:10",
    "dateReserved": "2022-02-08T00:00:00",
    "dateUpdated": "2024-08-02T23:32:46.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-0235

Vulnerability from cvelistv5

Published

2022-01-16 00:00

Modified

2024-08-02 23:18

Severity

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch

References

URL	Tags
https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7
https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10
https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html	mailing-list

Impacted products

Vendor	Product
node-fetch	node-fetch/node-fetch

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
          },
          {
            "name": "[debian-lts-announce] 20221205 [SECURITY] [DLA 3222-1] node-fetch security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-fetch/node-fetch",
          "vendor": "node-fetch",
          "versions": [
            {
              "lessThan": "3.1.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-05T00:00:00",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/d26ab655-38d6-48b3-be15-f9ad6b6ae6f7"
        },
        {
          "url": "https://github.com/node-fetch/node-fetch/commit/36e47e8a6406185921e4985dcbeff140d73eaa10"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf"
        },
        {
          "name": "[debian-lts-announce] 20221205 [SECURITY] [DLA 3222-1] node-fetch security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/12/msg00007.html"
        }
      ],
      "source": {
        "advisory": "d26ab655-38d6-48b3-be15-f9ad6b6ae6f7",
        "discovery": "EXTERNAL"
      },
      "title": "Exposure of Sensitive Information to an Unauthorized Actor in node-fetch/node-fetch"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0235",
    "datePublished": "2022-01-16T00:00:00",
    "dateReserved": "2022-01-14T00:00:00",
    "dateUpdated": "2024-08-02T23:18:42.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3807

Vulnerability from cvelistv5

Published

2021-09-17 00:00

Modified

2024-08-03 17:09

Severity

7.5 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

Inefficient Regular Expression Complexity in chalk/ansi-regex

References

URL	Tags
https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994
https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security.netapp.com/advisory/ntap-20221014-0002/

Impacted products

Vendor	Product
chalk	chalk/ansi-regex

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:09:08.762Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221014-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "chalk/ansi-regex",
          "vendor": "chalk",
          "versions": [
            {
              "lessThan": "6.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "5.0.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "status": "unaffected",
              "version": "5.0.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "ansi-regex is vulnerable to Inefficient Regular Expression Complexity"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333 Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-14T00:00:00",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
        },
        {
          "url": "https://github.com/chalk/ansi-regex/commit/8d1d7cdb586269882c4bdc1b7325d0c58c8f76f9"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221014-0002/"
        }
      ],
      "source": {
        "advisory": "5b3cf33b-ede0-4398-9974-800876dfd994",
        "discovery": "EXTERNAL"
      },
      "title": "Inefficient Regular Expression Complexity in chalk/ansi-regex"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2021-3807",
    "datePublished": "2021-09-17T00:00:00",
    "dateReserved": "2021-09-16T00:00:00",
    "dateUpdated": "2024-08-03T17:09:08.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Action not permitted

rhsa-2022_5483

Vulnerability from csaf_redhat

cve-2022-0536

Vulnerability from cvelistv5

cve-2022-0235

Vulnerability from cvelistv5

cve-2021-3807

Vulnerability from cvelistv5

Tags