Vulnerability-Lookup

RHSA-2024_10236

Vulnerability from csaf_redhat - Published: 2024-11-25 19:44 - Updated: 2024-12-18 04:35

Summary

Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release

Severity

Important

Notes

Topic: Red Hat OpenShift Dev Spaces 3.17 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.

Details: Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. This release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282. Users still using the v1 standard should migrate as soon as possible. https://devfile.io/docs/2.2.0/migrating-to-devfile-v2 Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. https://access.redhat.com/support/policy/updates/openshift#crw

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2023-42282

A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le	—	Vendor Fix fix Workaround

Known not affected 31 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64	—	Workaround

Threats

Impact Important

CVE-2024-21534

A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.

4.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x	—	Vendor Fix fix Workaround

Known not affected 28 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64	—	Workaround

Threats

Impact Low

CVE-2024-29415

A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le	—	Vendor Fix fix Workaround

Known not affected 31 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64	—	Workaround

Threats

Impact Important

CVE-2024-34156

A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64	—	Vendor Fix fix Workaround

Known not affected 31 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le	—	Workaround

Threats

Impact Important

CVE-2024-45296

A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x	—	Vendor Fix fix Workaround

Known not affected 31 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-45813

A regular expression denial of service (ReDoS) flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, such as `/:a-:b-`. This issue may cause a denial of service in some instances.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x	—	Vendor Fix fix Workaround

Known not affected 31 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-47875

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

8.0 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le	—	Vendor Fix fix Workaround

Known not affected 31 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64	—	Workaround

Threats

Impact Important

CVE-2024-48949

A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-347 - Improper Verification of Cryptographic Signature

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x	—	Vendor Fix fix Workaround

Known not affected 31 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64	—	Workaround

Threats

Impact Important

References

63 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:10236	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2265161	external
https://bugzilla.redhat.com/show_bug.cgi?id=2284554	external
https://bugzilla.redhat.com/show_bug.cgi?id=2310528	external
https://bugzilla.redhat.com/show_bug.cgi?id=2310908	external
https://bugzilla.redhat.com/show_bug.cgi?id=2313383	external
https://bugzilla.redhat.com/show_bug.cgi?id=2317724	external
https://bugzilla.redhat.com/show_bug.cgi?id=2317968	external
https://bugzilla.redhat.com/show_bug.cgi?id=2318052	external
https://issues.redhat.com/browse/CRW-7528	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2023-42282	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265161	external
https://www.cve.org/CVERecord?id=CVE-2023-42282	external
https://nvd.nist.gov/vuln/detail/CVE-2023-42282	external
https://cosmosofcyberspace.github.io/npm_ip_cve/n…	external
https://access.redhat.com/security/cve/CVE-2024-21534	self
https://bugzilla.redhat.com/show_bug.cgi?id=2317968	external
https://www.cve.org/CVERecord?id=CVE-2024-21534	external
https://nvd.nist.gov/vuln/detail/CVE-2024-21534	external
https://github.com/JSONPath-Plus/JSONPath/commit/…	external
https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLU…	external
https://access.redhat.com/security/cve/CVE-2024-29415	self
https://bugzilla.redhat.com/show_bug.cgi?id=2284554	external
https://www.cve.org/CVERecord?id=CVE-2024-29415	external
https://nvd.nist.gov/vuln/detail/CVE-2024-29415	external
https://access.redhat.com/security/cve/CVE-2024-34156	self
https://bugzilla.redhat.com/show_bug.cgi?id=2310528	external
https://www.cve.org/CVERecord?id=CVE-2024-34156	external
https://nvd.nist.gov/vuln/detail/CVE-2024-34156	external
https://go.dev/cl/611239	external
https://go.dev/issue/69139	external
https://groups.google.com/g/golang-dev/c/S9POB9NCTdk	external
https://pkg.go.dev/vuln/GO-2024-3106	external
https://access.redhat.com/security/cve/CVE-2024-45296	self
https://bugzilla.redhat.com/show_bug.cgi?id=2310908	external
https://www.cve.org/CVERecord?id=CVE-2024-45296	external
https://nvd.nist.gov/vuln/detail/CVE-2024-45296	external
https://github.com/pillarjs/path-to-regexp/commit…	external
https://github.com/pillarjs/path-to-regexp/commit…	external
https://github.com/pillarjs/path-to-regexp/securi…	external
https://access.redhat.com/security/cve/CVE-2024-45813	self
https://bugzilla.redhat.com/show_bug.cgi?id=2313383	external
https://www.cve.org/CVERecord?id=CVE-2024-45813	external
https://nvd.nist.gov/vuln/detail/CVE-2024-45813	external
https://blakeembrey.com/posts/2024-09-web-redos	external
https://github.com/delvedor/find-my-way/commit/5e…	external
https://github.com/delvedor/find-my-way/security/…	external
https://access.redhat.com/security/cve/CVE-2024-47875	self
https://bugzilla.redhat.com/show_bug.cgi?id=2318052	external
https://www.cve.org/CVERecord?id=CVE-2024-47875	external
https://nvd.nist.gov/vuln/detail/CVE-2024-47875	external
https://github.com/cure53/DOMPurify/blob/0ef5e537…	external
https://github.com/cure53/DOMPurify/commit/0ef5e5…	external
https://github.com/cure53/DOMPurify/commit/6ea80c…	external
https://github.com/cure53/DOMPurify/security/advi…	external
https://access.redhat.com/security/cve/CVE-2024-48949	self
https://bugzilla.redhat.com/show_bug.cgi?id=2317724	external
https://www.cve.org/CVERecord?id=CVE-2024-48949	external
https://nvd.nist.gov/vuln/detail/CVE-2024-48949	external
https://github.com/indutny/elliptic/commit/7ac536…	external
https://github.com/indutny/elliptic/compare/v6.5.…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Dev Spaces 3.17 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes. This includes fixes to Critical CVE-2024-21534.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.17 release is based on Eclipse Che 7.92 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nThis release provides fixes for CVE-2024-21534, CVE-2024-29415, CVE-2024-34156, CVE-2024-45296, CVE-2024-45813, CVE-2024-47875, and CVE-2024-48949. CVE-2024-29415 addresses an incomplete fix for CVE-2023-42282.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:10236",
        "url": "https://access.redhat.com/errata/RHSA-2024:10236"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2265161",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
      },
      {
        "category": "external",
        "summary": "2284554",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554"
      },
      {
        "category": "external",
        "summary": "2310528",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
      },
      {
        "category": "external",
        "summary": "2310908",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
      },
      {
        "category": "external",
        "summary": "2313383",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383"
      },
      {
        "category": "external",
        "summary": "2317724",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724"
      },
      {
        "category": "external",
        "summary": "2317968",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968"
      },
      {
        "category": "external",
        "summary": "2318052",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052"
      },
      {
        "category": "external",
        "summary": "CRW-7528",
        "url": "https://issues.redhat.com/browse/CRW-7528"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10236.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.17.0 release",
    "tracking": {
      "current_release_date": "2024-12-18T04:35:59+00:00",
      "generator": {
        "date": "2024-12-18T04:35:59+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:10236",
      "initial_release_date": "2024-11-25T19:44:38+00:00",
      "revision_history": [
        {
          "date": "2024-11-25T19:44:38+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-11-25T19:44:38+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-18T04:35:59+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Dev Spaces 3",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces 3",
                  "product_id": "8Base-RHOSDS-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Dev Spaces"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
                "product": {
                  "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
                  "product_id": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
                "product": {
                  "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
                  "product_id": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
                "product": {
                  "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
                  "product_id": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
                "product": {
                  "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
                  "product_id": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
                "product": {
                  "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
                  "product_id": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
                "product": {
                  "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
                  "product_id": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
                "product": {
                  "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
                  "product_id": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
                "product": {
                  "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
                  "product_id": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
                "product": {
                  "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
                  "product_id": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
                "product": {
                  "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
                  "product_id": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
                "product": {
                  "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
                  "product_id": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64",
                "product": {
                  "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64",
                  "product_id": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
                "product": {
                  "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
                  "product_id": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
                "product": {
                  "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
                  "product_id": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
                "product": {
                  "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
                  "product_id": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
                "product": {
                  "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
                  "product_id": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
                "product": {
                  "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
                  "product_id": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
                "product": {
                  "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
                  "product_id": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
                "product": {
                  "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
                  "product_id": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
                "product": {
                  "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
                  "product_id": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
                "product": {
                  "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
                  "product_id": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
                "product": {
                  "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
                  "product_id": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
                "product": {
                  "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
                  "product_id": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
                "product": {
                  "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
                  "product_id": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.17-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
                "product": {
                  "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
                  "product_id": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
                "product": {
                  "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
                  "product_id": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.17-25"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
                "product": {
                  "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
                  "product_id": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
                "product": {
                  "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
                  "product_id": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
                "product": {
                  "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
                  "product_id": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.17-59"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
                "product": {
                  "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
                  "product_id": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.17-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
                "product": {
                  "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
                  "product_id": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.17-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
                "product": {
                  "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
                  "product_id": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=latest"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
                "product": {
                  "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
                  "product_id": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.17-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
                "product": {
                  "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
                  "product_id": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.17-9"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x"
        },
        "product_reference": "devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64"
        },
        "product_reference": "devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
        },
        "product_reference": "devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64"
        },
        "product_reference": "devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le"
        },
        "product_reference": "devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x"
        },
        "product_reference": "devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le"
        },
        "product_reference": "devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64"
        },
        "product_reference": "devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
        },
        "product_reference": "devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le"
        },
        "product_reference": "devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x"
        },
        "product_reference": "devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64"
        },
        "product_reference": "devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le"
        },
        "product_reference": "devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64"
        },
        "product_reference": "devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x"
        },
        "product_reference": "devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64"
        },
        "product_reference": "devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64"
        },
        "product_reference": "devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le"
        },
        "product_reference": "devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x"
        },
        "product_reference": "devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le"
        },
        "product_reference": "devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x"
        },
        "product_reference": "devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64"
        },
        "product_reference": "devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le"
        },
        "product_reference": "devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x"
        },
        "product_reference": "devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64"
        },
        "product_reference": "devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64"
        },
        "product_reference": "devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le"
        },
        "product_reference": "devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x"
        },
        "product_reference": "devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64"
        },
        "product_reference": "devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x"
        },
        "product_reference": "devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le"
        },
        "product_reference": "devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x"
        },
        "product_reference": "devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le"
        },
        "product_reference": "devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        },
        "product_reference": "devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-42282",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2024-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265161"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the NPM IP Package. This flaw allows an attacker to perform arbitrary code execution and obtain sensitive information via the isPublic() function by inducing a Server-Side Request Forgery (SSRF) attack and obtaining access to normally inaccessible resources.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-ip: arbitrary code execution via the isPublic() function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "It appears that npm does not utilize the bundled code therefore Red Hat Enterprise Linux is not affected by this vulnerability.\n\nWhile the vulnerability in the NPM IP Package presents a significant security concern, it\u0027s categorized as important rather than critical due to several factors. Firstly, the misclassification of the private IP address 0x7f.1 as public by the isPublic() function does not directly lead to remote code execution or unauthorized access to critical systems. Instead, it facilitates SSRF attacks, which typically require additional conditions to fully exploit, such as the ability to influence server-side requests and responses. Additionally, the impact of SSRF attacks can vary depending on the specific environment and configuration of the affected system. While SSRF attacks can potentially lead to data exposure, service disruption, or lateral movement within a network, their severity is often mitigated by factors such as network segmentation, access controls, and the availability of sensitive resources.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-42282"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265161",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265161"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-42282",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42282"
        },
        {
          "category": "external",
          "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
          "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
        }
      ],
      "release_date": "2024-02-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-25T19:44:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:10236"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs-ip: arbitrary code execution via the isPublic() function"
    },
    {
      "cve": "CVE-2024-21534",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-10-11T06:00:50.977825+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2317968"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The vulnerability has been addressed, however, it is important to note that the unsafe behavior is still present but is no longer enabled by default. Developers using older versions or relying on this unsafe behavior could still be at risk.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-21534"
        },
        {
          "category": "external",
          "summary": "RHBZ#2317968",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21534",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534"
        },
        {
          "category": "external",
          "summary": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3",
          "url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884",
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884"
        }
      ],
      "release_date": "2024-10-11T05:00:01.824000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-25T19:44:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:10236"
        },
        {
          "category": "workaround",
          "details": "Red Hat Product Security recommends updating the vulnerable software to the latest version.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization"
    },
    {
      "cve": "CVE-2024-29415",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2024-05-27T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2284554"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in node-ip. The fix for CVE-2023-42282 in the ip package for Node.js was incomplete, and the issue may still be triggered using some IP addresses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "node-ip: Incomplete fix for CVE-2023-42282",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For CVE-2023-42282, npm does not utilize the bundled code, therefore Red Hat Enterprise Linux is not affected by this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-29415"
        },
        {
          "category": "external",
          "summary": "RHBZ#2284554",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2284554"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29415",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29415"
        },
        {
          "category": "external",
          "summary": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
          "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
        }
      ],
      "release_date": "2024-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-25T19:44:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:10236"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "node-ip: Incomplete fix for CVE-2023-42282"
    },
    {
      "cve": "CVE-2024-34156",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "discovery_date": "2024-09-06T21:20:09.377905+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2310528"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the encoding/gob package of the Golang standard library. Calling Decoder.Decoding, a message that contains deeply nested structures, can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability in Go\u0027s `encoding/gob` package is of high severity because it exposes applications to potential Denial of Service (DoS) attacks through stack exhaustion. Since `gob` relies on recursive function calls to decode nested structures, an attacker could exploit this by sending crafted messages with excessively deep nesting, causing the application to panic due to stack overflow. This risk is particularly important in scenarios where untrusted or external input is processed, as it can lead to system unavailability or crashes, undermining the reliability and availability of services.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-34156"
        },
        {
          "category": "external",
          "summary": "RHBZ#2310528",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310528"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-34156",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-34156"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34156"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/611239",
          "url": "https://go.dev/cl/611239"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/69139",
          "url": "https://go.dev/issue/69139"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk",
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-3106",
          "url": "https://pkg.go.dev/vuln/GO-2024-3106"
        }
      ],
      "release_date": "2024-09-06T21:15:12.020000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-25T19:44:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:10236"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion"
    },
    {
      "cve": "CVE-2024-45296",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2024-09-09T19:20:18.127723+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2310908"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "path-to-regexp: Backtracking regular expressions cause ReDoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45296"
        },
        {
          "category": "external",
          "summary": "RHBZ#2310908",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296"
        },
        {
          "category": "external",
          "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
          "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
        },
        {
          "category": "external",
          "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
          "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
        },
        {
          "category": "external",
          "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
          "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
        }
      ],
      "release_date": "2024-09-09T19:15:13.330000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-25T19:44:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:10236"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "path-to-regexp: Backtracking regular expressions cause ReDoS"
    },
    {
      "cve": "CVE-2024-45813",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2024-09-18T17:20:11.964011+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2313383"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A regular expression denial of service (ReDoS) flaw was found in find-my-way. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, such as `/:a-:b-`. This issue may cause a denial of service in some instances.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "find-my-way: ReDoS vulnerability in multiparametric routes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45813"
        },
        {
          "category": "external",
          "summary": "RHBZ#2313383",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313383"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45813",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45813"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45813"
        },
        {
          "category": "external",
          "summary": "https://blakeembrey.com/posts/2024-09-web-redos",
          "url": "https://blakeembrey.com/posts/2024-09-web-redos"
        },
        {
          "category": "external",
          "summary": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440",
          "url": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440"
        },
        {
          "category": "external",
          "summary": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6",
          "url": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6"
        }
      ],
      "release_date": "2024-09-18T17:15:19.163000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-25T19:44:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:10236"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "find-my-way: ReDoS vulnerability in multiparametric routes"
    },
    {
      "cve": "CVE-2024-47875",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2024-10-11T15:20:07.304345+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2318052"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dompurify: nesting-based mutation XSS vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-47875"
        },
        {
          "category": "external",
          "summary": "RHBZ#2318052",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318052"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47875",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-47875"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47875"
        },
        {
          "category": "external",
          "summary": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098",
          "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
        },
        {
          "category": "external",
          "summary": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
          "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f"
        },
        {
          "category": "external",
          "summary": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
          "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a"
        },
        {
          "category": "external",
          "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
          "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"
        }
      ],
      "release_date": "2024-10-11T15:15:05.860000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-25T19:44:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:10236"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "dompurify: nesting-based mutation XSS vulnerability"
    },
    {
      "cve": "CVE-2024-48949",
      "cwe": {
        "id": "CWE-347",
        "name": "Improper Verification of Cryptographic Signature"
      },
      "discovery_date": "2024-10-10T01:00:37.956974+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2317724"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the Elliptic package. This vulnerability allows attackers to bypass EDDSA signature validation via improper handling of signature values where the S() component of the signature is not properly checked for being non-negative or smaller than the curve order.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Thunderbird is not supported in Red Hat Enterprise Linux 7 ELS.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-48949"
        },
        {
          "category": "external",
          "summary": "RHBZ#2317724",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317724"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-48949",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-48949"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48949"
        },
        {
          "category": "external",
          "summary": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281",
          "url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281"
        },
        {
          "category": "external",
          "summary": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6",
          "url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6"
        }
      ],
      "release_date": "2024-10-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-25T19:44:38+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:10236"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:1661e168db3b442b9de9023fb55261c1549fd034f42ab0ab0b04ad4ec7394ec0_s390x",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:2a4deccbc7b8c5bc53f2fde315ccd93e7f2c2022e9288f7a93ed642feb808dc1_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7d8ade3bd7749389768efe998e8abb926e711863709366b4cb272f9139426cb3_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:175d0c7a1c89f6405528dbe16e7d5fe3efa2475b93182c7d7c0a5e0e15b3d292_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:b99750c52fed441b2faf995a7eb3bfe83aad853d9e9ae26f2556f5efd2fce662_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:fc0165f7dc4e44da73898ff0db8f3f174d1c04f3b7c068398d88b9ce5a0289b6_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:20428bc20147f9c7f0f99aa5f2f8e711e36e82a080df2701e7c7cdd247e839ad_ppc64le",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:95302249f869bd80308548a63683bb892ca40e876561fea204169f405bb220e7_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:adddc36181deb1e31265d234ae6c79da78960dd153e086b0a7f7a0284243676c_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:4918d11864a079f3c6bd3f5e39326c34eec2a528f64a4fe3b5f35d99507dbfe2_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c667834c64b1b67d41637f7fa854c1eb105cef5276113e4b848f1f4c206d20e8_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:c881a85b40057e057c5346fca66c787d4fe588ccb34893b88e40fcdf8747ace1_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:25c5bbe58c746a3d4d41b90f04026728c001ab8e3dddf61523d0830b0097455b_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:4a616290ed8f7ff7dc4ad5ba5c4768e01a1f235bd367e255a873d7dde896d90e_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:863213cda25827e6fc1d9167740587ccfcacf2dd0042e810d87193be8be5ae00_s390x",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:d256172baee177866046ea38a6b4e1a59c910b602bcdfbcba335f4db3e96fac0_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:135de7c6261a9a7bb2c494c01d23c991f20985103feb00691f7c7a0ee55a0e56_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:338d93fda80d0c86e58807f9f0909d8b1ddbc8693076619b3a32ea23c0142cff_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:a983f5c523406a811ebcefbf855e378dfb99356b529a5f0f6027b852a147ed53_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:602db7874132ce8e37e4399a38e9e7806123071c33a13c2efacdfe5465f41147_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d3b118c414b28deef0d2bb1305208b7e3727f3431f49f1dd1e5902468281bc65_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:d892d008651e973127665947e9ece200bca3294dbc147f4a02c09302dd18da91_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:a1c52cd0e68cbb12d3b80445631857fb95b7400db8c8ad092bda99493c56e913_ppc64le",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:be18a2a7149ccbf20657598d109858e24a1c950fc2e883e99eaa09d8326ba440_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:d49599eac56dced469441e255c7f8dfdeb5a119049e914b17a3aa386cbf6d384_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:6b6a0ede706aa650e40ff3592cb8f045c91cbdcbe06b6e0b3b71b617151391af_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:81e1327cdcd4af6c801db90e4ef998f6b4701a5b3a73464ae2448bc23c83e334_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:86485aeaef5e5f881fe04d622e00c18a7a548d83d56769435cead5e5765ec031_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:00da91880194659c5b62835590cd31d7c80b8a9e5ce7575a7dc4e3f6741b8a81_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:d613c45bc0586d7c5c9ca48742ff647111b43d842f15278ec83b86cb84246c67_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:fbf8735d035e53c538d9b6eab5a875d4c0a634c7b5c61010caebb8aa2622ef3c_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:538541d44c663c8dc78353ab6bf6f64d0ee124ec7ba7fbbe767ebe221f86a5fc_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:68fb1404dc083c8726843c1bdda0e9ee7fd14023eaf2637e3efe9d7356f426ca_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:77a5001120df3d8890af1e3cfbb891767810b977c9d2a111c781564e992aea65_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "elliptic: Missing Validation in Elliptic\u0027s EDDSA Signature Verification"
    }
  ]
}

CVE-2024-21534 (GCVE-0-2024-21534)

Vulnerability from cvelistv5 – Published: 2024-10-11 05:00 – Updated: 2024-11-18 10:37

Summary

All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node. **Note:** There were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226).

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P

CWE

CWE-94 - Remote Code Execution (RCE)

Assigner

snyk

References

4 references

URL	Tags
https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLU…
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJAR…
https://github.com/JSONPath-Plus/JSONPath/compare…
https://github.com/JSONPath-Plus/JSONPath/issues/226

Impacted products

2 products

Vendor	Product	Version
n/a	jsonpath-plus	Affected: 0 , < * (semver)
n/a	org.webjars.npm:jsonpath-plus	Affected: 0 , < * (semver)

Credits

Andrea Angelo Raineri

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:jsonpath-plus:jsonpath:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jsonpath",
            "vendor": "jsonpath-plus",
            "versions": [
              {
                "lessThan": "10.0.7",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-21534",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T14:23:05.262400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-94",
                "description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T19:13:34.790Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jsonpath-plus",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "product": "org.webjars.npm:jsonpath-plus",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Andrea Angelo Raineri"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions of the package jsonpath-plus are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute aribitrary code on the system by exploiting the unsafe default usage of vm in Node.\r\r**Note:**\r\rThere were several attempts to fix it in versions [10.0.0-10.1.0](https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0) but it could still be exploited using [different payloads](https://github.com/JSONPath-Plus/JSONPath/issues/226)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Remote Code Execution (RCE)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-18T10:37:45.634Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-8185019"
        },
        {
          "url": "https://github.com/JSONPath-Plus/JSONPath/compare/v9.0.0...v10.1.0"
        },
        {
          "url": "https://github.com/JSONPath-Plus/JSONPath/issues/226"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2024-21534",
    "datePublished": "2024-10-11T05:00:01.824Z",
    "dateReserved": "2023-12-22T12:33:20.123Z",
    "dateUpdated": "2024-11-18T10:37:45.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-48949 (GCVE-0-2024-48949)

Vulnerability from cvelistv5 – Published: 2024-10-10 00:00 – Updated: 2025-11-25 15:42

Summary

The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits "sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()" validation.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

Assigner

mitre

References

3 references

URL	Tags
https://github.com/indutny/elliptic/commit/7ac536…
https://github.com/indutny/elliptic/compare/v6.5.…
https://blog.trailofbits.com/2025/11/18/we-found-…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-48949",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-10T20:20:12.636633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-347",
                "description": "CWE-347 Improper Verification of Cryptographic Signature",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-25T16:10:41.890Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-12-27T16:03:06.432Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241227-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The verify function in lib/elliptic/eddsa/index.js in the Elliptic package before 6.5.6 for Node.js omits \"sig.S().gte(sig.eddsa.curve.n) || sig.S().isNeg()\" validation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-25T15:42:12.721Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/indutny/elliptic/commit/7ac5360118f74eb02da73bdf9f24fd0c72ff5281"
        },
        {
          "url": "https://github.com/indutny/elliptic/compare/v6.5.5...v6.5.6"
        },
        {
          "url": "https://blog.trailofbits.com/2025/11/18/we-found-cryptography-bugs-in-the-elliptic-library-using-wycheproof/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-48949",
    "datePublished": "2024-10-10T00:00:00.000Z",
    "dateReserved": "2024-10-10T00:00:00.000Z",
    "dateUpdated": "2025-11-25T15:42:12.721Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-29415 (GCVE-0-2024-29415)

Vulnerability from cvelistv5 – Published: 2024-05-27 20:04 – Updated: 2025-02-13 15:47

Summary

The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

3 references

URL	Tags
https://github.com/indutny/node-ip/pull/143
https://github.com/indutny/node-ip/pull/144
https://github.com/indutny/node-ip/issues/150

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-17T20:02:53.716Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/indutny/node-ip/pull/143"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/indutny/node-ip/pull/144"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/indutny/node-ip/issues/150"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250117-0010/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "ip",
            "vendor": "fedorindutny",
            "versions": [
              {
                "lessThan": "2.0.1",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.1,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-29415",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-16T04:01:46.879141Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-941",
                "description": "CWE-941 Incorrectly Specified Destination in a Communication Channel",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-16T13:39:39.225Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2023-42282."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-27T20:08:01.985Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/indutny/node-ip/pull/143"
        },
        {
          "url": "https://github.com/indutny/node-ip/pull/144"
        },
        {
          "url": "https://github.com/indutny/node-ip/issues/150"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-29415",
    "datePublished": "2024-05-27T20:04:14.756Z",
    "dateReserved": "2024-03-19T00:00:00.000Z",
    "dateUpdated": "2025-02-13T15:47:46.180Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-34156 (GCVE-0-2024-34156)

Vulnerability from cvelistv5 – Published: 2024-09-06 20:42 – Updated: 2024-09-26 15:03

Title

Stack exhaustion in Decoder.Decode in encoding/gob

Summary

Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-674 - Uncontrolled Recursion

Assigner

References

4 references

URL	Tags
https://go.dev/cl/611239
https://go.dev/issue/69139
https://groups.google.com/g/golang-dev/c/S9POB9NCTdk
https://pkg.go.dev/vuln/GO-2024-3106

Impacted products

1 product

Vendor	Product	Version
Go standard library	encoding/gob	Affected: 0 , < 1.22.7 (semver) Affected: 1.23.0-0 , < 1.23.1 (semver)

Credits

Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:go_standard_library:encoding\\/gob:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "encoding\\/gob",
            "vendor": "go_standard_library",
            "versions": [
              {
                "lessThan": "1.22.7",
                "status": "affected",
                "version": "0",
                "versionType": "semver"
              },
              {
                "lessThan": "1.23.1",
                "status": "affected",
                "version": "1.23.0-0",
                "versionType": "semver"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-34156",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T14:04:16.338747Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T14:29:46.867Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-09-26T15:03:08.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240926-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "encoding/gob",
          "product": "encoding/gob",
          "programRoutines": [
            {
              "name": "Decoder.decIgnoreOpFor"
            },
            {
              "name": "Decoder.Decode"
            },
            {
              "name": "Decoder.DecodeValue"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.22.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.23.1",
              "status": "affected",
              "version": "1.23.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Md Sakib Anwar of The Ohio State University (anwar.40@osu.edu)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-06T20:42:42.661Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/611239"
        },
        {
          "url": "https://go.dev/issue/69139"
        },
        {
          "url": "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3106"
        }
      ],
      "title": "Stack exhaustion in Decoder.Decode in encoding/gob"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-34156",
    "datePublished": "2024-09-06T20:42:42.661Z",
    "dateReserved": "2024-05-01T18:45:34.846Z",
    "dateUpdated": "2024-09-26T15:03:08.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-47875 (GCVE-0-2024-47875)

Vulnerability from cvelistv5 – Published: 2024-10-11 14:59 – Updated: 2025-11-03 20:40

Title

DOMPurify nesting-based mXSS

Summary

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.

Severity ?

10 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/cure53/DOMPurify/security/advi…	x_refsource_CONFIRM
https://github.com/cure53/DOMPurify/commit/0ef5e5…	x_refsource_MISC
https://github.com/cure53/DOMPurify/commit/6ea80c…	x_refsource_MISC
https://github.com/cure53/DOMPurify/blob/0ef5e537…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
cure53	DOMPurify	Affected: < 2.5.0 Affected: < 3.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-47875",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-11T19:27:35.590076Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-11T19:27:57.706Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T20:40:56.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://seclists.org/fulldisclosure/2025/Apr/14"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00010.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "DOMPurify",
          "vendor": "cure53",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.5.0"
            },
            {
              "status": "affected",
              "version": "\u003c 3.1.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMpurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 10,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-11T14:59:27.641Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf"
        },
        {
          "name": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f"
        },
        {
          "name": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a"
        },
        {
          "name": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098"
        }
      ],
      "source": {
        "advisory": "GHSA-gx9m-whjm-85jf",
        "discovery": "UNKNOWN"
      },
      "title": "DOMPurify nesting-based mXSS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-47875",
    "datePublished": "2024-10-11T14:59:27.641Z",
    "dateReserved": "2024-10-04T16:00:09.630Z",
    "dateUpdated": "2025-11-03T20:40:56.817Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-42282 (GCVE-0-2023-42282)

Vulnerability from cvelistv5 – Published: 2024-02-08 00:00 – Updated: 2025-05-15 19:42

Summary

The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

5 references

URL	Tags
https://cosmosofcyberspace.github.io/npm_ip_cve/n…
https://github.com/indutny/node-ip/commit/6a3ada9…
https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afa…
https://security.netapp.com/advisory/ntap-2024031…
https://www.bleepingcomputer.com/news/security/de…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T19:16:51.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240315-0008/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-42282",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-08T15:58:36.885808Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-15T19:42:13.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-03T21:53:10.340Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html"
        },
        {
          "url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894"
        },
        {
          "url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240315-0008/"
        },
        {
          "url": "https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-42282",
    "datePublished": "2024-02-08T00:00:00.000Z",
    "dateReserved": "2023-09-08T00:00:00.000Z",
    "dateUpdated": "2025-05-15T19:42:13.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45296 (GCVE-0-2024-45296)

Vulnerability from cvelistv5 – Published: 2024-09-09 19:07 – Updated: 2025-01-24 20:03

Title

path-to-regexp outputs backtracking regular expressions

Summary

path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1333 - Inefficient Regular Expression Complexity

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/pillarjs/path-to-regexp/securi…	x_refsource_CONFIRM
https://github.com/pillarjs/path-to-regexp/commit…	x_refsource_MISC
https://github.com/pillarjs/path-to-regexp/commit…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
pillarjs	path-to-regexp	Affected: < 0.1.10 Affected: >= 0.2.0, < 8.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:pillarjs:path-to-regexp:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "path-to-regexp",
            "vendor": "pillarjs",
            "versions": [
              {
                "lessThan": "0.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              },
              {
                "lessThan": "8.0.0",
                "status": "affected",
                "version": "0.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45296",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:32:57.513942Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:38:12.783Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-24T20:03:07.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250124-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "path-to-regexp",
          "vendor": "pillarjs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.1.10"
            },
            {
              "status": "affected",
              "version": "\u003e= 0.2.0, \u003c 8.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a DoS. The bad regular expression is generated any time you have two parameters within a single segment, separated by something that is not a period (.). For users of 0.1, upgrade to 0.1.10. All other users should upgrade to 8.0.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-09T19:07:40.313Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j"
        },
        {
          "name": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f"
        },
        {
          "name": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6"
        }
      ],
      "source": {
        "advisory": "GHSA-9wv6-86v2-598j",
        "discovery": "UNKNOWN"
      },
      "title": "path-to-regexp outputs backtracking regular expressions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45296",
    "datePublished": "2024-09-09T19:07:40.313Z",
    "dateReserved": "2024-08-26T18:25:35.442Z",
    "dateUpdated": "2025-01-24T20:03:07.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45813 (GCVE-0-2024-45813)

Vulnerability from cvelistv5 – Published: 2024-09-18 16:47 – Updated: 2024-09-18 18:07

Title

ReDoS vulnerability in multiparametric routes in find-my-way

Summary

find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-1333 - Inefficient Regular Expression Complexity

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/delvedor/find-my-way/security/…	x_refsource_CONFIRM
https://github.com/delvedor/find-my-way/commit/5e…	x_refsource_MISC
https://blakeembrey.com/posts/2024-09-web-redos	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
delvedor	find-my-way	Affected: < 8.2.2 Affected: = 9.0.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45813",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-18T18:07:01.965848Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-18T18:07:10.935Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "find-my-way",
          "vendor": "delvedor",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 8.2.2"
            },
            {
              "status": "affected",
              "version": "= 9.0.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it\u0027s framework independent. A bad regular expression is generated any time one has two parameters within a single segment, when adding a `-` at the end, like `/:a-:b-`. This may cause a denial of service in some instances. Users are advised to update to find-my-way v8.2.2 or v9.0.1. or subsequent versions. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1333",
              "description": "CWE-1333: Inefficient Regular Expression Complexity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-18T16:47:57.138Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/delvedor/find-my-way/security/advisories/GHSA-rrr8-f88r-h8q6"
        },
        {
          "name": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/delvedor/find-my-way/commit/5e9e0eb5d8d438e06a185d5e536a896572dd0440"
        },
        {
          "name": "https://blakeembrey.com/posts/2024-09-web-redos",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blakeembrey.com/posts/2024-09-web-redos"
        }
      ],
      "source": {
        "advisory": "GHSA-rrr8-f88r-h8q6",
        "discovery": "UNKNOWN"
      },
      "title": "ReDoS vulnerability in multiparametric routes in  find-my-way"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45813",
    "datePublished": "2024-09-18T16:47:57.138Z",
    "dateReserved": "2024-09-09T14:23:07.505Z",
    "dateUpdated": "2024-09-18T18:07:10.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2024_10236

CVE-2024-21534 (GCVE-0-2024-21534)

CVE-2024-48949 (GCVE-0-2024-48949)

CVE-2024-29415 (GCVE-0-2024-29415)

CVE-2024-34156 (GCVE-0-2024-34156)

CVE-2024-47875 (GCVE-0-2024-47875)

CVE-2023-42282 (GCVE-0-2023-42282)

CVE-2024-45296 (GCVE-0-2024-45296)

CVE-2024-45813 (GCVE-0-2024-45813)

Tags

Sightings

Nomenclature