rhsa-2022_5555
Vulnerability from csaf_redhat
Published
2022-07-14 12:56
Modified
2024-09-16 08:16
Summary
Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update
Notes
Topic
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
* apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)
* apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)
* apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)
* apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)
* semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated ovirt-engine packages that fix several bugs and add various enhancements are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.\n\nSecurity Fix(es):\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)\n\n* apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)\n\n* apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)\n\n* apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)\n\n* semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nA list of bugs fixed in this update is available in the Technical Notes book:\nhttps://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:5555",
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes",
"url": "https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "1663217",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663217"
},
{
"category": "external",
"summary": "1782077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782077"
},
{
"category": "external",
"summary": "1849045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1849045"
},
{
"category": "external",
"summary": "1852308",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852308"
},
{
"category": "external",
"summary": "1958032",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1958032"
},
{
"category": "external",
"summary": "1966615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966615"
},
{
"category": "external",
"summary": "1976607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976607"
},
{
"category": "external",
"summary": "1981895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981895"
},
{
"category": "external",
"summary": "1981900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981900"
},
{
"category": "external",
"summary": "1981903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981903"
},
{
"category": "external",
"summary": "1981909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981909"
},
{
"category": "external",
"summary": "1994144",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1994144"
},
{
"category": "external",
"summary": "2001574",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001574"
},
{
"category": "external",
"summary": "2001923",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2001923"
},
{
"category": "external",
"summary": "2006625",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006625"
},
{
"category": "external",
"summary": "2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "2030293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2030293"
},
{
"category": "external",
"summary": "2068270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2068270"
},
{
"category": "external",
"summary": "2069414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414"
},
{
"category": "external",
"summary": "2070045",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2070045"
},
{
"category": "external",
"summary": "2072626",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2072626"
},
{
"category": "external",
"summary": "2081241",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081241"
},
{
"category": "external",
"summary": "2081559",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081559"
},
{
"category": "external",
"summary": "2089856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2089856"
},
{
"category": "external",
"summary": "2092885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2092885"
},
{
"category": "external",
"summary": "2093795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2093795"
},
{
"category": "external",
"summary": "2097414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097414"
},
{
"category": "external",
"summary": "2099650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099650"
},
{
"category": "external",
"summary": "2105296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2105296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5555.json"
}
],
"title": "Red Hat Security Advisory: RHV Manager (ovirt-engine) [ovirt-4.5.1] security, bug fix and update",
"tracking": {
"current_release_date": "2024-09-16T08:16:41+00:00",
"generator": {
"date": "2024-09-16T08:16:41+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "3.33.3"
}
},
"id": "RHSA-2022:5555",
"initial_release_date": "2022-07-14T12:56:49+00:00",
"revision_history": [
{
"date": "2022-07-14T12:56:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-07-14T12:56:49+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-09-16T08:16:41+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product": {
"name": "RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhev_manager:4.4:el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Virtualization"
},
{
"branches": [
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"product_id": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.14-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"product": {
"name": "ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"product_id": "ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.3-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.2-1.el8ev.src",
"product": {
"name": "ovirt-dependencies-0:4.5.2-1.el8ev.src",
"product_id": "ovirt-dependencies-0:4.5.2-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.2-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-0:42.2.14-1.el8ev.src",
"product": {
"name": "postgresql-jdbc-0:42.2.14-1.el8ev.src",
"product_id": "postgresql-jdbc-0:42.2.14-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql-jdbc@42.2.14-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.6-1.el8ev.src",
"product": {
"name": "ovirt-log-collector-0:4.4.6-1.el8ev.src",
"product_id": "ovirt-log-collector-0:4.4.6-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.6-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "apache-commons-compress-0:1.21-1.2.el8ev.src",
"product": {
"name": "apache-commons-compress-0:1.21-1.2.el8ev.src",
"product_id": "apache-commons-compress-0:1.21-1.2.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-compress@1.21-1.2.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.5.0-1.el8ev.src",
"product": {
"name": "rhvm-branding-rhv-0:4.5.0-1.el8ev.src",
"product_id": "rhvm-branding-rhv-0:4.5.0-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.5.0-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"product_id": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.4-1.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"product": {
"name": "ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"product_id": "ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.1.2-0.11.el8ev?arch=src"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.9.0-1.el8ev.src",
"product": {
"name": "ovirt-web-ui-0:1.9.0-1.el8ev.src",
"product_id": "ovirt-web-ui-0:1.9.0-1.el8ev.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.9.0-1.el8ev?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"product": {
"name": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"product_id": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhv-log-collector-analyzer@1.0.14-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh@4.5.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-grafana-integration-setup@4.5.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"product_id": "ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dwh-setup@4.5.3-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"product": {
"name": "ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"product_id": "ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-dependencies@4.5.2-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"product": {
"name": "postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"product_id": "postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql-jdbc@42.2.14-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"product": {
"name": "postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"product_id": "postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/postgresql-jdbc-javadoc@42.2.14-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"product": {
"name": "ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"product_id": "ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-log-collector@4.4.6-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"product": {
"name": "apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"product_id": "apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-compress@1.21-1.2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"product": {
"name": "apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"product_id": "apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/apache-commons-compress-javadoc@1.21-1.2.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"product": {
"name": "rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"product_id": "rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm-branding-rhv@4.5.0-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"product": {
"name": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"product_id": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-ui-extensions@1.3.4-1.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-backend@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-dbscripts@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-health-check-bundler@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-restapi@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-base@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-cinderlib@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-imageio@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-ovirt-engine-common@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-vmconsole-proxy-helper@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-setup-plugin-websocket-proxy@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-tools-backup@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-vmconsole-proxy-helper@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-webadmin-portal@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-engine-websocket-proxy@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-ovirt-engine-lib@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"product": {
"name": "rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"product_id": "rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rhvm@4.5.1.2-0.11.el8ev?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"product": {
"name": "ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"product_id": "ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ovirt-web-ui@1.9.0-1.el8ev?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-compress-0:1.21-1.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch"
},
"product_reference": "apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-compress-0:1.21-1.2.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src"
},
"product_reference": "apache-commons-compress-0:1.21-1.2.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
},
"product_reference": "apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.2-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch"
},
"product_reference": "ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-dependencies-0:4.5.2-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src"
},
"product_reference": "ovirt-dependencies-0:4.5.2-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-0:4.5.1.2-0.11.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src"
},
"product_reference": "ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-0:4.5.3-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src"
},
"product_reference": "ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src"
},
"product_reference": "ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.6-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch"
},
"product_reference": "ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-log-collector-0:4.4.6-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src"
},
"product_reference": "ovirt-log-collector-0:4.4.6-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.9.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch"
},
"product_reference": "ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ovirt-web-ui-0:1.9.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
},
"product_reference": "ovirt-web-ui-0:1.9.0-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-0:42.2.14-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch"
},
"product_reference": "postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-0:42.2.14-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src"
},
"product_reference": "postgresql-jdbc-0:42.2.14-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch"
},
"product_reference": "postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src"
},
"product_reference": "rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-0:4.5.1.2-0.11.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch"
},
"product_reference": "rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch"
},
"product_reference": "rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"relates_to_product_reference": "8Base-RHV-S-4.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhvm-branding-rhv-0:4.5.0-1.el8ev.src as a component of RHEL-8-RHEV-S-4.4 - Red Hat Virtualization Engine 4.4",
"product_id": "8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
},
"product_reference": "rhvm-branding-rhv-0:4.5.0-1.el8ev.src",
"relates_to_product_reference": "8Base-RHV-S-4.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3807",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-09-17T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2007557"
}
],
"notes": [
{
"category": "description",
"text": "A regular expression denial of service (ReDoS) vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw requires crafted invalid ANSI escape codes in order to be exploited and only allows for denial of service of applications on the client side, hence the impact has been rated as Moderate.\n\nIn Red Hat Virtualization and Red Hat Quay some components use a vulnerable version of ansi-regex. However, all frontend code is executed on the client side. As the maximum impact of this vulnerability is denial of service in the client, the vulnerability is rated Moderate for those products.\n\nOpenShift Container Platform 4 (OCP) ships affected version of ansi-regex in the ose-metering-hadoop container, however the metering operator is deprecated since 4.6[1]. This issue is not currently planned to be addressed in future updates and hence hadoop container has been marked as \u0027will not fix\u0027.\n\nAdvanced Cluster Management for Kubernetes (RHACM) ships the affected version of ansi-regex in several containers, however the impact of this vulnerability is deemed low as it would result in an authenticated slowing down their own user interface. \n\n[1] https://docs.openshift.com/container-platform/4.6/metering/metering-about-metering.html",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-3807"
},
{
"category": "external",
"summary": "RHBZ#2007557",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007557"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-3807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3807"
},
{
"category": "external",
"summary": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994",
"url": "https://huntr.dev/bounties/5b3cf33b-ede0-4398-9974-800876dfd994"
}
],
"release_date": "2021-09-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes"
},
{
"cve": "CVE-2021-22096",
"discovery_date": "2021-12-21T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2034584"
}
],
"notes": [
{
"category": "description",
"text": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "springframework: malicious input leads to insertion of additional log entries",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-22096"
},
{
"category": "external",
"summary": "RHBZ#2034584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-22096",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22096"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22096"
}
],
"release_date": "2021-10-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "springframework: malicious input leads to insertion of additional log entries"
},
{
"cve": "CVE-2021-33623",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2021-05-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1966615"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in nodejs-trim-newlines. Node.js has an issue related to regular expression denial-of-service (ReDoS) for the .end() method.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs-trim-newlines: ReDoS in .end() method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "OpenShift Container Platform (OCP) grafana-container does package a vulnerable verison of nodejs trim-newlines. However due to the instance being read only and behind OpenShift OAuth, the impact by this vulnerability is Low. Red Hat Advanced Cluster Management for Kubernetes (ACM) containers affected by this flaw are only accessible to authenticated users, thus the impact of this vulnerability is Low. \nRed Hat Virtualization (RHV) does package a vulnerable version of nodejs-trim-newlines. However, no untrusted content is being parsed therefore the impact of this vulnerability is Low.\n\nThe hosted services are shipped with the vulnerable packages, however the vulnerable methods were not identified in use at this time.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-33623"
},
{
"category": "external",
"summary": "RHBZ#1966615",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966615"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-33623",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33623"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-33623",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-33623"
}
],
"release_date": "2021-05-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs-trim-newlines: ReDoS in .end() method"
},
{
"cve": "CVE-2021-35515",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2021-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981895"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This flaw allows the mounting of a denial of service attack against services that use Compress\u0027 SevenZ package. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-compress: infinite loop when reading a specially crafted 7Z archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-35515"
},
{
"category": "external",
"summary": "RHBZ#1981895",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981895"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-35515",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35515"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35515",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35515"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2021/07/13/1",
"url": "http://www.openwall.com/lists/oss-security/2021/07/13/1"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-compress/security-reports.html",
"url": "https://commons.apache.org/proper/commons-compress/security-reports.html"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fefb4c81ec5d1902d20ab%40%3Cuser.commons.apache.org%3E"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-compress: infinite loop when reading a specially crafted 7Z archive"
},
{
"cve": "CVE-2021-35516",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981900"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-commons-compress. When reading a specially crafted 7Z archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for very small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress\u0027 SevenZ package. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-35516"
},
{
"category": "external",
"summary": "RHBZ#1981900",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981900"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-35516",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35516"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2021/07/13/2",
"url": "http://www.openwall.com/lists/oss-security/2021/07/13/2"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-compress/security-reports.html",
"url": "https://commons.apache.org/proper/commons-compress/security-reports.html"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12954f37332073c9822ca%40%3Cuser.commons.apache.org%3E"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive"
},
{
"cve": "CVE-2021-35517",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981903"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-commons-compress. When reading a specially crafted TAR archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress\u0027 TAR package. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-35517"
},
{
"category": "external",
"summary": "RHBZ#1981903",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981903"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-35517",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-35517"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-35517",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35517"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2021/07/13/3",
"url": "http://www.openwall.com/lists/oss-security/2021/07/13/3"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-compress/security-reports.html",
"url": "https://commons.apache.org/proper/commons-compress/security-reports.html"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f2c249b6fbabada9a940%40%3Cuser.commons.apache.org%3E"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive"
},
{
"cve": "CVE-2021-36090",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2021-07-13T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1981909"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in apache-commons-compress. When reading a specially crafted ZIP archive, Compress can allocate large amounts of memory that leads to an out-of-memory error for small inputs. This flaw allows the mounting of a denial of service attack against services that use Compress\u0027 zip package. The highest threat from this vulnerability is to system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
],
"known_not_affected": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2021-36090"
},
{
"category": "external",
"summary": "RHBZ#1981909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981909"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2021-36090",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-36090"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-36090",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36090"
},
{
"category": "external",
"summary": "http://www.openwall.com/lists/oss-security/2021/07/13/4",
"url": "http://www.openwall.com/lists/oss-security/2021/07/13/4"
},
{
"category": "external",
"summary": "https://commons.apache.org/proper/commons-compress/security-reports.html",
"url": "https://commons.apache.org/proper/commons-compress/security-reports.html"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E",
"url": "https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405012c8804fd850a9b26f%40%3Cuser.commons.apache.org%3E"
}
],
"release_date": "2021-07-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive"
},
{
"cve": "CVE-2022-22950",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2022-03-28T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2069414"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Spring Framework. This flaw allows an attacker to craft a special Spring Expression, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "spring-expression: Denial of service via specially crafted SpEL expression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-22950"
},
{
"category": "external",
"summary": "RHBZ#2069414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2069414"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-22950",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-22950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22950"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "spring-expression: Denial of service via specially crafted SpEL expression"
},
{
"cve": "CVE-2022-31051",
"cwe": {
"id": "CWE-212",
"name": "Improper Removal of Sensitive Information Before Storage or Transfer"
},
"discovery_date": "2022-06-09T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2097414"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in semantic-release. Secrets that are normally masked are accidentally disclosed if they contain characters excluded from uri encoding by `encodeURI()`. The vulnerability is further limited to execution contexts where push access to the related repository is unavailable without modifying the repository URL to inject credentials.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
],
"known_not_affected": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-31051"
},
{
"category": "external",
"summary": "RHBZ#2097414",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2097414"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-31051",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31051"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-31051",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31051"
},
{
"category": "external",
"summary": "https://github.com/semantic-release/semantic-release/security/advisories/GHSA-x2pg-mjhr-2m5x",
"url": "https://github.com/semantic-release/semantic-release/security/advisories/GHSA-x2pg-mjhr-2m5x"
}
],
"release_date": "2022-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891",
"product_ids": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:5555"
},
{
"category": "workaround",
"details": "Users should ensure that secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL that is already masked properly.",
"product_ids": [
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:apache-commons-compress-0:1.21-1.2.el8ev.src",
"8Base-RHV-S-4.4:apache-commons-compress-javadoc-0:1.21-1.2.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-dependencies-0:4.5.2-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-0:4.5.1.2-0.11.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-backend-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dbscripts-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-0:4.5.3-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-dwh-grafana-integration-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-dwh-setup-0:4.5.3-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-health-check-bundler-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-restapi-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-base-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-cinderlib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-imageio-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-ovirt-engine-common-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-setup-plugin-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-tools-backup-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-ui-extensions-0:1.3.4-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-engine-vmconsole-proxy-helper-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-webadmin-portal-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-engine-websocket-proxy-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-log-collector-0:4.4.6-1.el8ev.src",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:postgresql-jdbc-0:42.2.14-1.el8ev.src",
"8Base-RHV-S-4.4:postgresql-jdbc-javadoc-0:42.2.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:python3-ovirt-engine-lib-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhv-log-collector-analyzer-0:1.0.14-1.el8ev.src",
"8Base-RHV-S-4.4:rhvm-0:4.5.1.2-0.11.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:rhvm-branding-rhv-0:4.5.0-1.el8ev.src"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.noarch",
"8Base-RHV-S-4.4:ovirt-web-ui-0:1.9.0-1.el8ev.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding"
}
]
}
Loading...