rhsa-2024_10907
Vulnerability from csaf_redhat
Published
2024-12-10 08:27
Modified
2024-12-18 04:41
Summary
Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.13
Notes
Topic
Red Hat OpenShift Service Mesh Containers for 2.4.13
This update has a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation on OpenShift Container Platform.
Security Fix(es):
* openshift-istio-kiali-rhel8-container: regular expression denial of service (CVE-2024-21538)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Service Mesh Containers for 2.4.13\n\nThis update has a security impact of Low. A Common Vulnerability Scoring system (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Service Mesh is Red Hat\u0027s distribution of the Istio service mesh project, tailored for installation into an OpenShift Container Platform installation.\n\nSecurity Fix(es):\n\n* openshift-istio-kiali-rhel8-container: regular expression denial of service (CVE-2024-21538)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:10907", "url": "https://access.redhat.com/errata/RHSA-2024:10907" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "2324550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10907.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.4.13", "tracking": { "current_release_date": "2024-12-18T04:41:35+00:00", "generator": { "date": "2024-12-18T04:41:35+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:10907", "initial_release_date": "2024-12-10T08:27:59+00:00", "revision_history": [ { "date": "2024-12-10T08:27:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-12-10T08:27:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-18T04:41:35+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHOSSM 2.4 for RHEL 8", "product": { "name": "RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:service_mesh:2.4::el8" } } } ], "category": "product_family", 
"name": "Red Hat OpenShift Service Mesh" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x", "product_identification_helper": { "purl": 
"pkg:oci/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.18-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.13-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x", 
"product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767?arch=s390x\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.13-2" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64", "product_id": 
"openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.18-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.13-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64", "product": { "name": 
"openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77?arch=amd64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.13-2" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64", "product_identification_helper": { "purl": "pkg:oci/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": 
"openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.18-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64", "product_id": "openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.13-4" } } }, { "category": 
"product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4?arch=arm64\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.13-2" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le", "product": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le", "product_id": "openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le", "product_identification_helper": { "purl": "pkg:oci/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/istio-cni-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le", "product": { "name": "openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le", "product_id": "openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/grafana-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le", "product": { "name": "openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le", "product_id": "openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le", "product_identification_helper": { "purl": "pkg:oci/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/kiali-rhel8\u0026tag=1.65.18-1" } } }, { "category": "product_version", "name": "openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le", "product": { "name": "openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le", "product_id": "openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le", "product_identification_helper": { "purl": "pkg:oci/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/pilot-rhel8\u0026tag=2.4.13-2" } } }, { "category": "product_version", "name": "openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le", "product": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le", "product_id": 
"openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le", "product_identification_helper": { "purl": "pkg:oci/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/proxyv2-rhel8\u0026tag=2.4.13-4" } } }, { "category": "product_version", "name": "openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le", "product": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le", "product_id": "openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le", "product_identification_helper": { "purl": "pkg:oci/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4?arch=ppc64le\u0026repository_url=registry.redhat.io/openshift-service-mesh/ratelimit-rhel8\u0026tag=2.4.13-2" } } } ], "category": "architecture", "name": "ppc64le" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x as a component of RHOSSM 2.4 for RHEL 8", 
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64" }, "product_reference": "openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64" }, "product_reference": 
"openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le" }, "product_reference": "openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": 
"openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64" }, "product_reference": "openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x", 
"relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64" }, "product_reference": "openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le as a component of RHOSSM 2.4 for RHEL 8", 
"product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x" }, "product_reference": "openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x" }, "product_reference": 
"openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le", "relates_to_product_reference": "8Base-RHOSSM-2.4" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64 as a component of RHOSSM 2.4 for RHEL 8", "product_id": "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64" }, "product_reference": "openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64", "relates_to_product_reference": "8Base-RHOSSM-2.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-21538", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-11-08T13:44:29.182678+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2324550" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. 
Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", "title": "Vulnerability description" }, { "category": "summary", "text": "cross-spawn: regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": 
"https://access.redhat.com/security/cve/CVE-2024-21538" }, { "category": "external", "summary": "RHBZ#2324550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", "url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", "url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/pull/160", "url": "https://github.com/moxystudio/node-cross-spawn/pull/160" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", "url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230" } ], "release_date": "2024-11-08T05:00:04.695000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-12-10T08:27:59+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x", 
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:10907" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:038ff3272abfdae58e975df71981217356cd6f83d5545a7a3ce5c7bb59e8943e_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:0c9e77ddaba99d84f0233172e1700361be068510fcec34e8b04c6f61f668c4ad_s390x", 
"8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:6242cee76e23f4ec6361d9ab652fff0e5e88640f535436fdf4b5213a516db091_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/grafana-rhel8@sha256:7c34b4c894c44071539d83dbe3d1b6fa831747d8d6fd36049bfcaba1a41352b0_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:0d8f01448c9521e550fc07d615a13bb0cd5d52adf7580b38736a5c009add80cd_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:365fb88bfa7627e7a88152f1e29e0ee8be10a0202097dded7e1d098e9860be2c_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4e751e50e70aeed40e10f506e7cd71fd63b3a38564949948d227405f39128d4d_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/istio-cni-rhel8@sha256:4eb83e92496d40e91a4ebc29afb8629b7d0ae4c2cd985759cdbdc1c4f663ec60_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:5037323af6ba1e5ecd2d57db89167f486101c3edd6a759a29b57bdf42899cb1e_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:7108cb02e6f49062f1171c0625adbe26fdcb0b309dc460cf11134203047cf753_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c4b384206adece2b3b854600f11e63f345aeb0c7e5e2eb584151e600c89180ba_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/kiali-rhel8@sha256:c705ca948677f9f0d5540a7a920873cb98ec357ddfa479042adeedf2032b340b_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:3a43713c2849173f6cdf216d7bf370b54afda00b640d1d34096d953326bf8414_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:bd1d6ec7cab78f439e27e5f3368b1e3f74f30e194adc580368e4d4708d598d25_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:cbde432fb47697e56c1756fef2605b388a426c02f078dcc354fe990aa6da09fb_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/pilot-rhel8@sha256:f30111a3dc7c5b1d327acff9d2c2052162e71654f350723e85a85e2aafa1b544_amd64", 
"8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:3da3c161efbc4ff091ae8a32d7ce65d4ba4778d611513cb471b79b4b2a506fe0_arm64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:52dbe354d1ffb466c53de1d30968f844fdcaecd9de275e706898676a451e962a_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:8ab022691634e7283f9f3d8be1ae926e0435291ca2a0da963528510d402b5937_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/proxyv2-rhel8@sha256:e9b70a5f51e21448578db6eaca0b6e7218550a01e0a59e63876f6b67ec467e51_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:122b49c3269dbf9f95087e60ea7c97ef574ec06c6c5ec6fd86d2a47677529f77_amd64", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:adc7753eb50bd022b2be6399eb88d2040694df8c14e60b16e2035718f7617767_s390x", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:f280141fb58347835ad79002475d6ab638e637e3e95fb45f239b611c228c6cf4_ppc64le", "8Base-RHOSSM-2.4:openshift-service-mesh/ratelimit-rhel8@sha256:f794ffed7e90be35231eb9bf8bcf9c196f3ee63619e3aac03a00c1d2ed4e28e4_arm64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "cross-spawn: regular expression denial of service" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.