csaf_redhat - rhsa-2023

rhsa-2023_3644

Vulnerability from csaf_redhat

Published

2023-06-15 20:55

Modified

2024-11-22 22:14

Summary

Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0

Notes

Topic

Red Hat OpenShift Service Mesh Containers for 2.4.0 Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation. This advisory covers container images for the release. Security Fix(es): * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Service Mesh Containers for 2.4.0\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Service Mesh is the Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise OpenShift Container Platform installation.\n\nThis advisory covers container images for the release.\n\nSecurity Fix(es):\n\n* golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:3644",
        "url": "https://access.redhat.com/errata/RHSA-2023:3644"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2196027",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
      },
      {
        "category": "external",
        "summary": "OSSM-1094",
        "url": "https://issues.redhat.com/browse/OSSM-1094"
      },
      {
        "category": "external",
        "summary": "OSSM-1667",
        "url": "https://issues.redhat.com/browse/OSSM-1667"
      },
      {
        "category": "external",
        "summary": "OSSM-2128",
        "url": "https://issues.redhat.com/browse/OSSM-2128"
      },
      {
        "category": "external",
        "summary": "OSSM-2215",
        "url": "https://issues.redhat.com/browse/OSSM-2215"
      },
      {
        "category": "external",
        "summary": "OSSM-2221",
        "url": "https://issues.redhat.com/browse/OSSM-2221"
      },
      {
        "category": "external",
        "summary": "OSSM-2254",
        "url": "https://issues.redhat.com/browse/OSSM-2254"
      },
      {
        "category": "external",
        "summary": "OSSM-2274",
        "url": "https://issues.redhat.com/browse/OSSM-2274"
      },
      {
        "category": "external",
        "summary": "OSSM-2325",
        "url": "https://issues.redhat.com/browse/OSSM-2325"
      },
      {
        "category": "external",
        "summary": "OSSM-2339",
        "url": "https://issues.redhat.com/browse/OSSM-2339"
      },
      {
        "category": "external",
        "summary": "OSSM-2420",
        "url": "https://issues.redhat.com/browse/OSSM-2420"
      },
      {
        "category": "external",
        "summary": "OSSM-2436",
        "url": "https://issues.redhat.com/browse/OSSM-2436"
      },
      {
        "category": "external",
        "summary": "OSSM-3246",
        "url": "https://issues.redhat.com/browse/OSSM-3246"
      },
      {
        "category": "external",
        "summary": "OSSM-3288",
        "url": "https://issues.redhat.com/browse/OSSM-3288"
      },
      {
        "category": "external",
        "summary": "OSSM-3291",
        "url": "https://issues.redhat.com/browse/OSSM-3291"
      },
      {
        "category": "external",
        "summary": "OSSM-331",
        "url": "https://issues.redhat.com/browse/OSSM-331"
      },
      {
        "category": "external",
        "summary": "OSSM-3419",
        "url": "https://issues.redhat.com/browse/OSSM-3419"
      },
      {
        "category": "external",
        "summary": "OSSM-3747",
        "url": "https://issues.redhat.com/browse/OSSM-3747"
      },
      {
        "category": "external",
        "summary": "OSSM-3784",
        "url": "https://issues.redhat.com/browse/OSSM-3784"
      },
      {
        "category": "external",
        "summary": "OSSM-3802",
        "url": "https://issues.redhat.com/browse/OSSM-3802"
      },
      {
        "category": "external",
        "summary": "OSSM-3803",
        "url": "https://issues.redhat.com/browse/OSSM-3803"
      },
      {
        "category": "external",
        "summary": "OSSM-3870",
        "url": "https://issues.redhat.com/browse/OSSM-3870"
      },
      {
        "category": "external",
        "summary": "OSSM-3873",
        "url": "https://issues.redhat.com/browse/OSSM-3873"
      },
      {
        "category": "external",
        "summary": "OSSM-3934",
        "url": "https://issues.redhat.com/browse/OSSM-3934"
      },
      {
        "category": "external",
        "summary": "OSSM-3986",
        "url": "https://issues.redhat.com/browse/OSSM-3986"
      },
      {
        "category": "external",
        "summary": "OSSM-4037",
        "url": "https://issues.redhat.com/browse/OSSM-4037"
      },
      {
        "category": "external",
        "summary": "OSSM-4069",
        "url": "https://issues.redhat.com/browse/OSSM-4069"
      },
      {
        "category": "external",
        "summary": "OSSM-566",
        "url": "https://issues.redhat.com/browse/OSSM-566"
      },
      {
        "category": "external",
        "summary": "OSSM-568",
        "url": "https://issues.redhat.com/browse/OSSM-568"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3644.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.0",
    "tracking": {
      "current_release_date": "2024-11-22T22:14:54+00:00",
      "generator": {
        "date": "2024-11-22T22:14:54+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2023:3644",
      "initial_release_date": "2023-06-15T20:55:47+00:00",
      "revision_history": [
        {
          "date": "2023-06-15T20:55:47+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-06-15T20:55:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T22:14:54+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "RHOSSM 2.4 for RHEL 8",
                "product": {
                  "name": "RHOSSM 2.4 for RHEL 8",
                  "product_id": "8Base-RHOSSM-2.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:service_mesh:2.4::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Service Mesh"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64",
                "product": {
                  "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64",
                  "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.0-57"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64",
                "product": {
                  "name": "openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64",
                  "product_id": "openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.0-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64",
                "product": {
                  "name": "openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64",
                  "product_id": "openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.6-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64",
                "product": {
                  "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64",
                  "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.65.6-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64",
                "product": {
                  "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64",
                  "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.0-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64",
                "product": {
                  "name": "openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64",
                  "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.0-68"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64",
                "product": {
                  "name": "openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64",
                  "product_id": "openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.0-58"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64",
                "product": {
                  "name": "openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64",
                  "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.0-28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64",
                "product": {
                  "name": "openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64",
                  "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.0-11"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le",
                  "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.0-57"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le",
                  "product_id": "openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.0-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le",
                  "product_id": "openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.6-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le",
                  "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.65.6-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le",
                  "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.0-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le",
                  "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.0-68"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le",
                  "product_id": "openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.0-58"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le",
                  "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.0-28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le",
                "product": {
                  "name": "openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le",
                  "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.0-11"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x",
                "product": {
                  "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x",
                  "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.0-57"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x",
                "product": {
                  "name": "openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x",
                  "product_id": "openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.0-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x",
                "product": {
                  "name": "openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x",
                  "product_id": "openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.6-5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x",
                "product": {
                  "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x",
                  "product_id": "openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator\u0026tag=1.65.6-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x",
                "product": {
                  "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x",
                  "product_id": "openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel8\u0026tag=2.4.0-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x",
                "product": {
                  "name": "openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x",
                  "product_id": "openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-rhel8-operator\u0026tag=2.4.0-68"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x",
                "product": {
                  "name": "openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x",
                  "product_id": "openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.0-58"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x",
                "product": {
                  "name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x",
                  "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.0-28"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x",
                "product": {
                  "name": "openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x",
                  "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.0-11"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64"
        },
        "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x"
        },
        "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le"
        },
        "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x"
        },
        "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64"
        },
        "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le"
        },
        "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le"
        },
        "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64"
        },
        "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x"
        },
        "product_reference": "openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le"
        },
        "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64"
        },
        "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x"
        },
        "product_reference": "openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64"
        },
        "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x"
        },
        "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le"
        },
        "product_reference": "openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le"
        },
        "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64"
        },
        "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x"
        },
        "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x"
        },
        "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le"
        },
        "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64"
        },
        "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x"
        },
        "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le"
        },
        "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64"
        },
        "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64 as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64"
        },
        "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x"
        },
        "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le as a component of RHOSSM 2.4 for RHEL 8",
          "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le"
        },
        "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le",
        "relates_to_product_reference": "8Base-RHOSSM-2.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Juho Nurminen"
          ],
          "organization": "Mattermost"
        }
      ],
      "cve": "CVE-2023-24540",
      "cwe": {
        "id": "CWE-176",
        "name": "Improper Handling of Unicode Encoding"
      },
      "discovery_date": "2023-05-07T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2196027"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang: html/template: improper handling of JavaScript whitespace",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Enterprise Linux,\n* Conmon uses go in unit testing, but not functionally in the package. Go is used only in test files, hence, not in the actual code, thus, conmon is not affected.\n* The Go templates in Grafana do not contain any javascript. Thus, it is not affected.\n* Ignition does not make use of html/template.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the affected containers are behind OpenShift OAuth authentication. This restricts access to the vulnerable golang html/templates to authenticated users only, therefore the impact is low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64",
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le",
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le",
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64",
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le",
          "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64",
          "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le",
          "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64",
          "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le",
          "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64",
          "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le",
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le",
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64",
          "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64",
          "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le",
          "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64",
          "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x",
          "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "RHBZ#2196027",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196027"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-24540",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24540"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/59721",
          "url": "https://go.dev/issue/59721"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU",
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        }
      ],
      "release_date": "2023-04-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-06-15T20:55:47+00:00",
          "details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:3644"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0244c6a3dfe7b04a1f947987c14236372be9c9107d91c4715001edee8e302f15_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:f4abc32571c1d18f5af3d08ad7fc0cb7d31a90af31273477e0158629dcb0c390_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:fad8eeaa0dd5268c260d11582682bb7ec436488f5e35caae3a825b84ee3b1b35_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:1f1f2f8f9ae365a9c2b905bf4e903c428f06b16995e64e4448425f5c74656fc8_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:8571b1b158048380e4133c1d89a7770990a73b6a4c778a04f20e66c047c4c993_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-must-gather-rhel8@sha256:e79559de1bb9c1ca62b2b913598716094c51c859a594754688f566332d018280_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:42d32c0b9b3d9f822606ee087c6ce6284f9908bc2a33cb7d12b89ea0cec7b9a8_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:6c765c163e66ef63bc1c0bec6365ffd529bc82a344bcf1d854cd64ec1cc936e7_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8-operator@sha256:f2df08223aabbbe73f3ad226eacfef342e9cd7dc9d9f76831784837233e9bab3_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:3caa8b6f3f940c7cd4ba2fb21522572dec2c7d6ae2ea31f2a377c4dfeea0b981_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:5a17a81c29f147812f1e8c52131828d84e3b404223f4099c2dfa7323d3345586_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:beb9b3aab05f3ebe80ee1358f8be8dfe55d3e9616cec5ab542e8360bbd61667c_ppc64le"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0b6e8b4d5ce3866ec2f7a85dc7fa56bbd68ecc1d9d145e9843fdb081e57b255d_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4b5bb6078895f25ac0fe1f095a6b474b81c45fd11b1aec33cc7b6f3921517829_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:b3febdb34083218e8b4d5559bcfd0eab9decaae886089509453b34237e94a541_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:4a9dc1d3e45460d3bc699932f5b9345c81d4c5740c7cacdf550691f7e02d743b_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:88e72801cc48bf310ca498c1f9c995dacc70b0570d9046627e9e8133d68ba619_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/istio-rhel8-operator@sha256:ea48a2037f74ad55c2595dbec3e44ed4a764ccd1d5021c6b3ed8a5a579167f18_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:0689fd1d69fee4dae484769ea0c22255f89efee25cf7c60d8ee18add49beb09e_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:3c8e44952e2d2a0fd690c7bf3e75777dda03776334a6e830658a34fe15934833_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:61404d6af307383070c63d73a55500f9b13ebe9eb0cf37128db5d565fc13cd9e_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:4ada7b103b5f4b8c567544ce19fb00fbf7fa0e11ad4a7b5a4ac44541558c3bc6_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:a362627eabd321590db36618cf3de49beab01a90144833844f89d1da913cb1bc_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:c88d1f0fa0fca2def48975c4174929125b4189dde358c168435a3b8475792640_amd64",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8c78626f5d486a75b2c07e82479d30e294e929c9c04e2db09b413838c1d5b965_s390x",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:c4855989391c62d30a50c61d0da7019767502cb40f04bf02d147aa1c4478d9f1_ppc64le",
            "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:f3f17317795e4526ec3478be6ada6e099b9886fa354dc9c917abff52063f1f9e_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang: html/template: improper handling of JavaScript whitespace"
    }
  ]
}

cve-2023-24540

Vulnerability from cvelistv5

Published

2023-05-11 15:29

Modified

2024-11-15 13:08

Severity ?

Summary

Improper handling of JavaScript whitespace in html/template

References

▼	URL	Tags
	https://go.dev/issue/59721
	https://go.dev/cl/491616
	https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
	https://pkg.go.dev/vuln/GO-2023-1752

Impacted products

▼	Vendor	Product
	Go standard library	html/template

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-15T13:08:11.286Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/issue/59721"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://go.dev/cl/491616"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://pkg.go.dev/vuln/GO-2023-1752"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241115-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "html/template",
          "product": "html/template",
          "programRoutines": [
            {
              "name": "nextJSCtx"
            },
            {
              "name": "Template.Execute"
            },
            {
              "name": "Template.ExecuteTemplate"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.19.9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.20.4",
              "status": "affected",
              "version": "1.20.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juho Nurminen of Mattermost"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-74: Improper input validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T19:08:26.127Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/issue/59721"
        },
        {
          "url": "https://go.dev/cl/491616"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2023-1752"
        }
      ],
      "title": "Improper handling of JavaScript whitespace in html/template"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2023-24540",
    "datePublished": "2023-05-11T15:29:31.947Z",
    "dateReserved": "2023-01-25T21:19:20.642Z",
    "dateUpdated": "2024-11-15T13:08:11.286Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted