csaf_redhat - rhsa-2024

rhsa-2024_0719

Vulnerability from csaf_redhat

Published

2024-02-07 15:32

Modified

2024-11-15 17:43

Summary

Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update

Notes

Topic

Migration Toolkit for Runtimes 1.2.4 release Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Migration Toolkit for Runtimes 1.2.4 Images Security Fix(es): * nodejs-semver: Regular expression denial of service (CVE-2022-25883) * jackson-databind: denial of service via cylic dependencies (CVE-2023-35116) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Migration Toolkit for Runtimes 1.2.4 release\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Migration Toolkit for Runtimes 1.2.4 Images\n\nSecurity Fix(es):\n\n* nodejs-semver: Regular expression denial of service (CVE-2022-25883)\n\n* jackson-databind: denial of service via cylic dependencies (CVE-2023-35116)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:0719",
        "url": "https://access.redhat.com/errata/RHSA-2024:0719"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2215214",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
      },
      {
        "category": "external",
        "summary": "2216475",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0719.json"
      }
    ],
    "title": "Red Hat Security Advisory: Migration Toolkit for Runtimes security, bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2024-11-15T17:43:09+00:00",
      "generator": {
        "date": "2024-11-15T17:43:09+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2024:0719",
      "initial_release_date": "2024-02-07T15:32:23+00:00",
      "revision_history": [
        {
          "date": "2024-02-07T15:32:23+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-02-07T15:32:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T17:43:09+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                "product": {
                  "name": "Migration Toolkit for Runtimes 1 on RHEL 8",
                  "product_id": "8Base-MTR-1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Migration Toolkit for Runtimes"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
                  "product_id": "mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4?arch=s390x\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-8"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
                  "product_id": "mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097?arch=arm64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-8"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
                  "product_id": "mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd?arch=amd64\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-8"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
                "product": {
                  "name": "mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
                  "product_id": "mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-operator-bundle\u0026tag=1.2-13"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
                "product": {
                  "name": "mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
                  "product_id": "mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-rhel8-operator\u0026tag=1.2-9"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
                "product": {
                  "name": "mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
                  "product_id": "mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-container-rhel8\u0026tag=1.2-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
                "product": {
                  "name": "mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
                  "product_id": "mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158?arch=ppc64le\u0026repository_url=registry.redhat.io/mtr/mtr-web-executor-container-rhel8\u0026tag=1.2-8"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64"
        },
        "product_reference": "mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64"
        },
        "product_reference": "mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x"
        },
        "product_reference": "mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
        "relates_to_product_reference": "8Base-MTR-1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64 as a component of Migration Toolkit for Runtimes 1 on RHEL 8",
          "product_id": "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64"
        },
        "product_reference": "mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64",
        "relates_to_product_reference": "8Base-MTR-1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-25883",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2023-06-21T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2216475"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the \u0027new Range\u0027 function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-semver: Regular expression denial of service",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Advanced Cluster Management for Kubernetes-2 and Red Hat Advanced Cluster Security-3 has been marked as Low severity because node-semver is a Dev dependency for those, used only during the build process, and not used in customer environments.\n\nIn Red Hat Advanced Cluster Management for Kubernetes (RHACM) the server-regexp dependency is protected by OAuth what is reducing impact by this flaw to Low.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64"
        ],
        "known_not_affected": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "RHBZ#2216475",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216475"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25883",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25883"
        },
        {
          "category": "external",
          "summary": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw",
          "url": "https://github.com/advisories/GHSA-c2qf-rxjj-qqgw"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795",
          "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
        }
      ],
      "release_date": "2023-06-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-07T15:32:23+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0719"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-semver: Regular expression denial of service"
    },
    {
      "cve": "CVE-2023-35116",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215214"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: denial of service via cylic dependencies",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This CVE is disputed by the component developers and is under reconsideration by NIST. As such, it should be excluded from scanning utilities or other compliance systems until the dispute is finalized.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
          "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64"
        ],
        "known_not_affected": [
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
          "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
          "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-35116"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215214",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215214"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35116",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-35116"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35116"
        }
      ],
      "release_date": "2023-06-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-02-07T15:32:23+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:0719"
        },
        {
          "category": "workaround",
          "details": "jackson-databind should not be used to deserialize untrusted inputs. User inputs should be validated and sanitized before processing.",
          "product_ids": [
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8723ff82aa53d56530e923340289f549f9cae9d1d66ae6559d07db9535c53c4b_ppc64le",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:8c91c79d241c860d9dbf64ad02ce319dd4b4787f7f2c8a14d2d685624806ed04_arm64",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:9046593959cf11bc952f5bda39478fd5abc3e7ab5c61a4fdf96d15897aa0d78f_s390x",
            "8Base-MTR-1:mtr/mtr-operator-bundle@sha256:b786a18de43145dbe1ec6a137bf6dbe72adca095146c7158424eda0ad84abd82_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:34e91adfb0c4a0ce3be35cefd7c6c585fa866a150629c06c06555c34933f7cbc_amd64",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a314c3e344566e9772b609e5aacffcc78fee8f7d56002f6d9d97d7cba572d6ae_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-container-rhel8@sha256:a864b9445262878cb0066ae7101c1a1998ce335bb72ce013ac561d19a021eb22_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:91164350574d037eea7f4a456213977fbd34bf78a150e1efa9f58360295e97e4_s390x",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:c58c38ea26dfa2d07d73bdc403c7645574ddc9ee17304fcc5d61ff876dcf6097_arm64",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:cd600c6d2f9b7c5f1863586c39f66951d37b0e6098f455c3f65cc9a783d05158_ppc64le",
            "8Base-MTR-1:mtr/mtr-web-executor-container-rhel8@sha256:d79c7de19d3b751331fc64d53f1ebe27b71ab3a92dda65fa44ddf0e9e7e24bbd_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:61cdc15df15d08b2d133bc4f8fe31bffbee209de1faf9ccc5cf1285c2a6aca1c_s390x",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:8e4b3b5bb06df89b119bb93234aec29660ff03481298074c2f011f74d4c185f0_ppc64le",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:c8b896612d3682641298ddd7502cda0ef6425c53b724aa3bfd4a31352c960087_amd64",
            "8Base-MTR-1:mtr/mtr-rhel8-operator@sha256:ef4ecb153b4b8b14d63f7d331ffe158b180120e20ce94599e6a7cfa74fa49b6a_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "jackson-databind: denial of service via cylic dependencies"
    }
  ]
}

cve-2023-35116

Vulnerability from cvelistv5

Published

2023-06-14 00:00

Modified

2024-08-02 16:23

Severity ?

Summary

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.

References

▼	URL	Tags
	https://github.com/FasterXML/jackson-databind/issues/3972

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T16:23:58.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/3972"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-26T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/3972"
        }
      ],
      "tags": [
        "disputed"
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-35116",
    "datePublished": "2023-06-14T00:00:00",
    "dateReserved": "2023-06-13T00:00:00",
    "dateUpdated": "2024-08-02T16:23:58.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-25883

Vulnerability from cvelistv5

Published

2023-06-21 05:00

Modified

2024-10-25 13:07

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P

Summary

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

References

▼	URL	Tags
	https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795
	https://github.com/npm/node-semver/blob/main/internal/re.js%23L160
	https://github.com/npm/node-semver/blob/main/internal/re.js%23L138
	https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104
	https://github.com/npm/node-semver/pull/564
	https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441

Impacted products

▼	Vendor	Product
	n/a	semver

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-25T13:07:28.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L160"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L138"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/pull/564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20241025-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "semver",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "7.5.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alessio Della Libera - Snyk Research Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "Regular Expression Denial of Service (ReDoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-21T05:00:03.352Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-SEMVER-3247795"
        },
        {
          "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L160"
        },
        {
          "url": "https://github.com/npm/node-semver/blob/main/internal/re.js%23L138"
        },
        {
          "url": "https://github.com/npm/node-semver/blob/main/classes/range.js%23L97-L104"
        },
        {
          "url": "https://github.com/npm/node-semver/pull/564"
        },
        {
          "url": "https://github.com/npm/node-semver/commit/717534ee353682f3bcf33e60a8af4292626d4441"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2022-25883",
    "datePublished": "2023-06-21T05:00:03.352Z",
    "dateReserved": "2022-02-24T11:58:25.192Z",
    "dateUpdated": "2024-10-25T13:07:28.542Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

rhsa-2024_0719

Vulnerability from csaf_redhat

cve-2023-35116

Vulnerability from cvelistv5

cve-2022-25883

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature