Vulnerability-Lookup

RHSA-2024_6667

Vulnerability from csaf_redhat - Published: 2024-09-12 21:30 - Updated: 2024-12-18 05:26

Summary

Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release

Severity

Important

Notes

Topic: Red Hat OpenShift Dev Spaces 3.16 has been released. All containers have been updated to include feature enhancements, bug fixes and CVE fixes. Following the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.

Details: Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development. The 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2. Users still using the v1 standard should migrate as soon as possible. https://devfile.io/docs/2.2.0/migrating-to-devfile-v2 Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. https://access.redhat.com/support/policy/updates/openshift#crw

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2021-0341

In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-295 - Improper Certificate Validation

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le	—	Vendor Fix fix

Known not affected 34 products

Product	Identifier	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x		—
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64		—

Threats

Impact Moderate

CVE-2023-3635

A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-248 - Uncaught Exception

Affected products

Fixed 37 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x	—	Vendor Fix fix
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64	—	Vendor Fix fix

Threats

Impact Important

CVE-2024-6345

A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Fixed 37 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64	—	Vendor Fix fix Workaround

Threats

Impact Important

CVE-2024-22234

A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-284 - Improper Access Control

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le	—	Vendor Fix fix Workaround

Known not affected 34 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64	—	Workaround

Threats

Impact Moderate

CVE-2024-30260

A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header.

3.9 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

CWE-285 - Improper Authorization

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le	—	Vendor Fix fix Workaround

Known not affected 34 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64	—	Workaround

Threats

Impact Low

CVE-2024-30261

A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.

2.6 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE-284 - Improper Access Control

Affected products

Fixed 3 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le	—	Vendor Fix fix Workaround

Known not affected 34 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64	—	Workaround

Threats

Impact Low

CVE-2024-39338

A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Fixed 6 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le	—	Vendor Fix fix Workaround

Known not affected 31 products

Product	Version	Remediation
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x	—	Workaround
Unresolved product id: 8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64	—	Workaround

Threats

Impact Important

References

38 references

URL	Category
https://access.redhat.com/errata/RHSA-2024:6667	self
https://access.redhat.com/security/updates/classi…	external
https://issues.redhat.com/browse/CRW-6868	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2021-0341	self
https://bugzilla.redhat.com/show_bug.cgi?id=2154086	external
https://www.cve.org/CVERecord?id=CVE-2021-0341	external
https://nvd.nist.gov/vuln/detail/CVE-2021-0341	external
https://source.android.com/security/bulletin/2021-02-01	external
https://access.redhat.com/security/cve/CVE-2023-3635	self
https://bugzilla.redhat.com/show_bug.cgi?id=2229295	external
https://www.cve.org/CVERecord?id=CVE-2023-3635	external
https://nvd.nist.gov/vuln/detail/CVE-2023-3635	external
https://access.redhat.com/security/cve/CVE-2024-6345	self
https://bugzilla.redhat.com/show_bug.cgi?id=2297771	external
https://www.cve.org/CVERecord?id=CVE-2024-6345	external
https://nvd.nist.gov/vuln/detail/CVE-2024-6345	external
https://github.com/pypa/setuptools/commit/88807c7…	external
https://huntr.com/bounties/d6362117-ad57-4e83-951…	external
https://access.redhat.com/security/cve/CVE-2024-22234	self
https://bugzilla.redhat.com/show_bug.cgi?id=2265172	external
https://www.cve.org/CVERecord?id=CVE-2024-22234	external
https://nvd.nist.gov/vuln/detail/CVE-2024-22234	external
https://spring.io/security/cve-2024-22234	external
https://access.redhat.com/security/cve/CVE-2024-30260	self
https://bugzilla.redhat.com/show_bug.cgi?id=2273522	external
https://www.cve.org/CVERecord?id=CVE-2024-30260	external
https://nvd.nist.gov/vuln/detail/CVE-2024-30260	external
https://access.redhat.com/security/cve/CVE-2024-30261	self
https://bugzilla.redhat.com/show_bug.cgi?id=2273519	external
https://www.cve.org/CVERecord?id=CVE-2024-30261	external
https://nvd.nist.gov/vuln/detail/CVE-2024-30261	external
https://access.redhat.com/security/cve/CVE-2024-39338	self
https://bugzilla.redhat.com/show_bug.cgi?id=2304369	external
https://www.cve.org/CVERecord?id=CVE-2024-39338	external
https://nvd.nist.gov/vuln/detail/CVE-2024-39338	external
https://github.com/axios/axios/releases	external
https://jeffhacks.com/advisories/2024/06/24/CVE-2…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenShift Dev Spaces 3.16 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.\n\nFollowing the Red Hat Product Security standards this update is rated as having a security impact of Important. The Common Vulnerability Scoring System (CVSS) base score is available for every fixed CVE in the references section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.16 release is based on Eclipse Che 7.90 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#crw",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2024:6667",
        "url": "https://access.redhat.com/errata/RHSA-2024:6667"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "CRW-6868",
        "url": "https://issues.redhat.com/browse/CRW-6868"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_6667.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.16.0 release",
    "tracking": {
      "current_release_date": "2024-12-18T05:26:37+00:00",
      "generator": {
        "date": "2024-12-18T05:26:37+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.3"
        }
      },
      "id": "RHSA-2024:6667",
      "initial_release_date": "2024-09-12T21:30:49+00:00",
      "revision_history": [
        {
          "date": "2024-09-12T21:30:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2024-09-12T21:30:49+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-12-18T05:26:37+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenShift Dev Spaces 3",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces 3",
                  "product_id": "8Base-RHOSDS-3",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_devspaces:3::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Dev Spaces"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
                "product": {
                  "name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
                  "product_id": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
                "product": {
                  "name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
                  "product_id": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
                "product": {
                  "name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
                  "product_id": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
                "product": {
                  "name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
                  "product_id": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
                "product": {
                  "name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
                  "product_id": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/idea-rhel8\u0026tag=3.16-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
                "product": {
                  "name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
                  "product_id": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
                "product": {
                  "name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
                  "product_id": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
                "product": {
                  "name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
                  "product_id": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
                "product": {
                  "name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
                  "product_id": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
                "product": {
                  "name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
                  "product_id": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
                "product": {
                  "name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
                  "product_id": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
                "product": {
                  "name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
                  "product_id": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
                "product": {
                  "name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
                  "product_id": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
                "product": {
                  "name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
                  "product_id": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
                "product": {
                  "name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
                  "product_id": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
                "product": {
                  "name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
                  "product_id": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
                "product": {
                  "name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
                  "product_id": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
                "product": {
                  "name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
                  "product_id": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
                "product": {
                  "name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
                  "product_id": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
                "product": {
                  "name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
                  "product_id": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
                "product": {
                  "name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
                  "product_id": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
                "product": {
                  "name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
                  "product_id": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
                "product": {
                  "name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
                  "product_id": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
                "product": {
                  "name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
                  "product_id": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
                "product": {
                  "name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
                  "product_id": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
                "product": {
                  "name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
                  "product_id": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel8\u0026tag=3.16-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
                "product": {
                  "name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
                  "product_id": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel8\u0026tag=3.16-4"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
                "product": {
                  "name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
                  "product_id": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel8\u0026tag=3.16-27"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
                "product": {
                  "name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
                  "product_id": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devfileregistry-rhel8\u0026tag=3.16-67"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
                "product": {
                  "name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
                  "product_id": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel8\u0026tag=3.16-3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
                "product": {
                  "name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
                  "product_id": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel8\u0026tag=3.16-6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
                "product": {
                  "name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
                  "product_id": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.16-70"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
                "product": {
                  "name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
                  "product_id": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel8\u0026tag=3.16-16"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
                "product": {
                  "name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
                  "product_id": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel8-operator\u0026tag=3.16-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
                "product": {
                  "name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
                  "product_id": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel8\u0026tag=3.16-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
                "product": {
                  "name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
                  "product_id": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel8\u0026tag=3.16-2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
                "product": {
                  "name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
                  "product_id": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel8\u0026tag=3.16-6"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le"
        },
        "product_reference": "devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64"
        },
        "product_reference": "devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x"
        },
        "product_reference": "devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le"
        },
        "product_reference": "devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64"
        },
        "product_reference": "devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x"
        },
        "product_reference": "devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64"
        },
        "product_reference": "devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x"
        },
        "product_reference": "devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
        },
        "product_reference": "devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64"
        },
        "product_reference": "devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le"
        },
        "product_reference": "devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x"
        },
        "product_reference": "devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le"
        },
        "product_reference": "devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x"
        },
        "product_reference": "devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64"
        },
        "product_reference": "devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x"
        },
        "product_reference": "devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le"
        },
        "product_reference": "devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64"
        },
        "product_reference": "devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64"
        },
        "product_reference": "devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64"
        },
        "product_reference": "devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le"
        },
        "product_reference": "devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x"
        },
        "product_reference": "devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64"
        },
        "product_reference": "devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le"
        },
        "product_reference": "devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x"
        },
        "product_reference": "devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64"
        },
        "product_reference": "devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x"
        },
        "product_reference": "devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
        },
        "product_reference": "devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x"
        },
        "product_reference": "devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64"
        },
        "product_reference": "devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
        },
        "product_reference": "devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x"
        },
        "product_reference": "devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64"
        },
        "product_reference": "devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le"
        },
        "product_reference": "devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le"
        },
        "product_reference": "devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x"
        },
        "product_reference": "devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
          "product_id": "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
        },
        "product_reference": "devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64",
        "relates_to_product_reference": "8Base-RHOSDS-3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-0341",
      "cwe": {
        "id": "CWE-295",
        "name": "Improper Certificate Validation"
      },
      "discovery_date": "2022-10-13T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2154086"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "okhttp: information disclosure via improperly used cryptographic function",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-0341"
        },
        {
          "category": "external",
          "summary": "RHBZ#2154086",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2154086"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-0341",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-0341"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0341"
        },
        {
          "category": "external",
          "summary": "https://source.android.com/security/bulletin/2021-02-01",
          "url": "https://source.android.com/security/bulletin/2021-02-01"
        }
      ],
      "release_date": "2021-02-10T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-12T21:30:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6667"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "okhttp: information disclosure via improperly used cryptographic function"
    },
    {
      "cve": "CVE-2023-3635",
      "cwe": {
        "id": "CWE-248",
        "name": "Uncaught Exception"
      },
      "discovery_date": "2023-07-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2229295"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in SquareUp Okio. A class GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This issue may allow a malicious user to start processing a malformed file, which can result in a Denial of Service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "okio: GzipSource class improper exception handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat JBoss Enterprise Application Platform XP does contain Okio package but is not using GzipSource.java, which is the affected class.\nRed Hat support for Spring Boot is considered low impact as it\u0027s used by Dekorate during compilation process and not included in the resulting Jar.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2023-3635"
        },
        {
          "category": "external",
          "summary": "RHBZ#2229295",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2229295"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2023-3635",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-3635"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3635"
        }
      ],
      "release_date": "2023-07-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-12T21:30:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6667"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "okio: GzipSource class improper exception handling"
    },
    {
      "cve": "CVE-2024-6345",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2024-07-15T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2297771"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the package_index module of pypa/setuptools. Affected versions of this package allow remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat OpenStack does not include setuptools. The ImcSdk component uses it only during compile time in our build systems, and we do not support recompiling SRPMs. As a result, Red Hat OpenStack is not affected by this flaw.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-6345"
        },
        {
          "category": "external",
          "summary": "RHBZ#2297771",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297771"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6345",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-6345"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6345"
        },
        {
          "category": "external",
          "summary": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0",
          "url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
        },
        {
          "category": "external",
          "summary": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5",
          "url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
        }
      ],
      "release_date": "2024-07-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-12T21:30:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6667"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "pypa/setuptools: Remote code execution via download functions in the package_index module in pypa/setuptools"
    },
    {
      "cve": "CVE-2024-22234",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2024-02-20T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2265172"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Spring Security. This issue may lead to Broken Access Control, allowing a malicious user to impact the Confidentiality and Integrity of an application or server. This requires the application to use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and have a null authentication parameter passed to it, resulting in an erroneous true return value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat considers this as a Moderate impact since it requires the malicious user to have knowledge of how a server implements the authentication resolver from Spring Security. A validation is also suggested to make sure there are no null parameters and no erroneous true is triggered from this method.\n\nAn application is not vulnerable if any of the following are true:\n- The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly\n- The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated\n- The application only uses isFullyAuthenticated via Method Security or HTTP Request Security",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-22234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2265172",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265172"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-22234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22234"
        },
        {
          "category": "external",
          "summary": "https://spring.io/security/cve-2024-22234",
          "url": "https://spring.io/security/cve-2024-22234"
        }
      ],
      "release_date": "2024-02-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-12T21:30:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6667"
        },
        {
          "category": "workaround",
          "details": "Make sure the application is not vulnerable according to the description bullet points mentioned in this page.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "spring-security: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated"
    },
    {
      "cve": "CVE-2024-30260",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2024-04-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2273522"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the nodejs-undici package. Proxy-Authorization headers are not cleared on cross-origin redirects, which can allow for the exposure of sensitive data or allow an attacker to capture the persistent proxy-authentication header.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-30260"
        },
        {
          "category": "external",
          "summary": "RHBZ#2273522",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273522"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-30260",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30260"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30260",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30260"
        }
      ],
      "release_date": "2024-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-12T21:30:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6667"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline"
    },
    {
      "cve": "CVE-2024-30261",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2024-04-04T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2273519"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the nodejs-undici package. This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-30261"
        },
        {
          "category": "external",
          "summary": "RHBZ#2273519",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273519"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-30261",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-30261"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261"
        }
      ],
      "release_date": "2024-04-04T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-12T21:30:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6667"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect"
    },
    {
      "cve": "CVE-2024-39338",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "discovery_date": "2024-08-13T17:21:32.774718+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2304369"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in the Axios HTTP Client. It is vulnerable to a server-side request forgery attack (SSRF) caused by unexpected behavior where requests for path-relative URLs get processed as protocol-relative URLs. This flaw allows an attacker to perform arbitrary requests from the server, potentially accessing internal systems or exfiltrating sensitive data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "axios: axios: Server-Side Request Forgery",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as IMPORTANT because it can be exploited remotely with low complexity and without user interaction, it poses a significant risk to confidentiality.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
          "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
          "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
        ],
        "known_not_affected": [
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
          "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
          "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
          "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
          "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
          "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
          "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
          "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
          "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
          "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
          "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-39338"
        },
        {
          "category": "external",
          "summary": "RHBZ#2304369",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304369"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-39338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39338"
        },
        {
          "category": "external",
          "summary": "https://github.com/axios/axios/releases",
          "url": "https://github.com/axios/axios/releases"
        },
        {
          "category": "external",
          "summary": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html",
          "url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
        }
      ],
      "release_date": "2024-08-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-09-12T21:30:49+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2024:6667"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:041378931ee0602b7bacc1b1a469e9bac97cdb77c73249e7ed6b1ab22d63a73e_ppc64le",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7c44847ee88c3ca6b55302fdd28a9fc643f32213ce47a43f7d34d72e1fb56cd4_amd64",
            "8Base-RHOSDS-3:devspaces/code-rhel8@sha256:7cbaeaa9210ac27b797bf14b81d77cd2ee90fc0e346320f9c914f6718bf60612_s390x",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:15bba1a42e790bad55c8290712b3f36abb45975dd793fc107cda8baeb19db5f8_ppc64le",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:65a064cf2946861ba6b00d3ed60d399b3c37273d8dca7cda0fb4f969657f9a64_amd64",
            "8Base-RHOSDS-3:devspaces/configbump-rhel8@sha256:edac785793c2b5e87d0f7ffeea7bf5129f4958189591e78619f94df7903bd8af_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:8ec2a46b1ecf52e944e7ee44bf8275b72f09c71c48d93ee8220f09b3df013f09_amd64",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:9fa9ef8ccbf060e44bee2650980acd58db5b8ab7a75321dcc5a015774a4d0d9b_s390x",
            "8Base-RHOSDS-3:devspaces/dashboard-rhel8@sha256:eccc09d2f5ebcca7748048c68ff36663b07bbf77db698dabb1208532c2ced7a6_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:124f570a143c892b2a50a3c8d451978d0127eefdf7905cfd6684110b2bbe283b_amd64",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:88bf479fe7aed60a3699ff6ddbec895515497cf4a4598e4535d2ece9ab3d403f_ppc64le",
            "8Base-RHOSDS-3:devspaces/devfileregistry-rhel8@sha256:9aa2faf93b2dad63b141578afd220505c2f091c3498230b2fcc12827f3b87936_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:6c28b6264a66507e2d73500ad8f4c78163e450557bed1eea8cdc964e0233aee5_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a58107d4a183fc02637b9f04ca63e71ec61ff93a6f098616bae7c3c8e7488faa_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:dcd45d89d8e8a7ab39a1ad2832f97ff46e8b1748991f32b2801eaad9f6eff8ba_amd64",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:2d19a94c9ed47a01cfbacdb6f555b748b2dfb5f789eb74a44b6e88ddf34e6ad2_s390x",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:7b9ffae5f1155a111ded6d4da37e2f1cf7252e01399b8af219c4005fdae08433_ppc64le",
            "8Base-RHOSDS-3:devspaces/devspaces-rhel8-operator@sha256:95ebe1eee34c39cb97ee35f587be06c801bc1df2799ff22957850484a374eef3_amd64",
            "8Base-RHOSDS-3:devspaces/idea-rhel8@sha256:5900bae4a8f3937cc2cbe18fe3f9a0e67f9fbe45698a489be10ade4898654512_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:1a60b0526a5a224f3459a2543a126196e023cb72766459240cadb330552e135c_amd64",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:6d7ec3176c60abff3cb7dc0c42f01de3422279830992036eabd2ba4cc7239244_ppc64le",
            "8Base-RHOSDS-3:devspaces/imagepuller-rhel8@sha256:ce32303628b801de3c130ecf8dcd182fd242f269864879ddd0ddf43f83f4b76a_s390x",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:050219134f2c59c7be2109eb20e75dae9d92b930844afe794cee6a8e7751b724_amd64",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:16dec22235b1cc87f280b78f9f96842aa3980c3c3a76bf6aeb73ab0c02b198f7_ppc64le",
            "8Base-RHOSDS-3:devspaces/machineexec-rhel8@sha256:bd454a1865e6b140fa803c6009624db373b38859ea33f12fcd5a23ab90e19b81_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:2f4ce15fd04dc92de55196f24faf69c34d17c972f8b031a9563fe6970ef92639_amd64",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:3842954883b1bded547b0026745b5c103321a90ae1902bcdb37705a1986cf9c8_s390x",
            "8Base-RHOSDS-3:devspaces/pluginregistry-rhel8@sha256:71a8618a93f82f437c726f649fc7de98465482e21b77ea06c272d29ef02fed16_ppc64le",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:324aa225723803002a2380488b075451cd60a8842946ea2d5159ad4ce2244aaa_s390x",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:72b9652056ada0c3360c4f04d46afde5acdcc06c993cda71f8e1e6aaa79bb235_amd64",
            "8Base-RHOSDS-3:devspaces/server-rhel8@sha256:c150d401685f3d7f2bfdd03927591295c8d7f82e6e2bc410cc4dc314f9900e67_ppc64le",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:52ff9a81170acfd97df4451aef4830dd5b7474711233d892888b8424982bd158_s390x",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:67efa1d8929e5f38078357ba1aa17bca1cfa65460f478bafed142afceea0269a_amd64",
            "8Base-RHOSDS-3:devspaces/traefik-rhel8@sha256:c26001afd728fa38fe3fd0842a1767d388b789f66b0272c335f0ef6e1e852c64_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:43a9111fa0579cc4ab1dc253077af73fb1e76beb963e99bbfdb30dc57ae3c5ef_ppc64le",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:4be81ccd4ce15e23487a0fcac930141c434f26795f102af608561f6fa4f36661_s390x",
            "8Base-RHOSDS-3:devspaces/udi-rhel8@sha256:82b9a9f22dfbd69356aaf5b8c4cbfb7931974dbfe993ac5a0d35b952dcff96ef_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "axios: axios: Server-Side Request Forgery"
    }
  ]
}

CVE-2023-3635 (GCVE-0-2023-3635)

Vulnerability from cvelistv5 – Published: 2023-07-12 18:34 – Updated: 2024-10-23 13:32

Title

Okio GzipSource unhandled exception Denial of Service

Summary

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-195 - Signed to Unsigned Conversion Error

Assigner

JFROG

References

2 references

URL	Tags
https://research.jfrog.com/vulnerabilities/okio-g…
https://github.com/square/okio/commit/81bce1a30af…

Impacted products

1 product

Vendor	Product	Version
		Affected: 0.5.0 , < 1.0.0 (maven) Affected: 1.0.0 , < 1.17.6 (maven) Affected: 2.0.0 , < 3.0.0 (maven) Affected: 3.0.0 , < 3.4.0 (maven)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:01:57.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-3635",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T17:26:23.899148Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-23T13:32:52.994Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://mvnrepository.com",
          "defaultStatus": "unaffected",
          "packageName": "com.squareup.okio:okio",
          "versions": [
            {
              "lessThan": "1.0.0",
              "status": "affected",
              "version": "0.5.0",
              "versionType": "maven"
            },
            {
              "lessThan": "1.17.6",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "maven"
            },
            {
              "lessThan": "3.0.0",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "maven"
            },
            {
              "lessThan": "3.4.0",
              "status": "affected",
              "version": "3.0.0",
              "versionType": "maven"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eGzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\u003c/p\u003e"
            }
          ],
          "value": "GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-195",
              "description": "CWE-195: Signed to Unsigned Conversion Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-03T21:09:06.443Z",
        "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "shortName": "JFROG"
      },
      "references": [
        {
          "url": "https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/"
        },
        {
          "url": "https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Okio GzipSource unhandled exception Denial of Service",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
    "assignerShortName": "JFROG",
    "cveId": "CVE-2023-3635",
    "datePublished": "2023-07-12T18:34:31.609Z",
    "dateReserved": "2023-07-12T12:46:57.470Z",
    "dateUpdated": "2024-10-23T13:32:52.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-6345 (GCVE-0-2024-6345)

Vulnerability from cvelistv5 – Published: 2024-07-15 00:00 – Updated: 2025-11-04 16:15

Title

Remote Code Execution in pypa/setuptools

Summary

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.

Severity ?

8.8 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-94 - Improper Control of Generation of Code

Assigner

@huntr_ai

References

2 references

URL	Tags
https://huntr.com/bounties/d6362117-ad57-4e83-951…
https://github.com/pypa/setuptools/commit/88807c7…

Impacted products

1 product

Vendor	Product	Version
pypa	pypa/setuptools	Affected: unspecified , < 70.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:python:setuptools:69.1.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "setuptools",
            "vendor": "python",
            "versions": [
              {
                "lessThan": "70.0",
                "status": "affected",
                "version": "69.1.1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-6345",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-15T13:33:16.586239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-15T13:38:34.323Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:15:51.183Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00018.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pypa/setuptools",
          "vendor": "pypa",
          "versions": [
            {
              "lessThan": "70.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 Improper Control of Generation of Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-15T00:00:14.545Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntr_ai"
      },
      "references": [
        {
          "url": "https://huntr.com/bounties/d6362117-ad57-4e83-951f-b8141c6e7ca5"
        },
        {
          "url": "https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0"
        }
      ],
      "source": {
        "advisory": "d6362117-ad57-4e83-951f-b8141c6e7ca5",
        "discovery": "EXTERNAL"
      },
      "title": "Remote Code Execution in pypa/setuptools"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntr_ai",
    "cveId": "CVE-2024-6345",
    "datePublished": "2024-07-15T00:00:14.545Z",
    "dateReserved": "2024-06-26T08:16:17.895Z",
    "dateUpdated": "2025-11-04T16:15:51.183Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-0341 (GCVE-0-2021-0341)

Vulnerability from cvelistv5 – Published: 2021-02-10 16:50 – Updated: 2024-08-03 15:40

Summary

Severity ?

No CVSS data available.

CWE

Information disclosure

Assigner

google_android

References

1 reference

URL	Tags
https://source.android.com/security/bulletin/2021-02-01	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	Android	Affected: Android-8.1 Android-9 Android-10 Android-11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T15:40:00.192Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2021-02-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Android",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Android-8.1 Android-9 Android-10 Android-11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-02-10T16:50:15.000Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://source.android.com/security/bulletin/2021-02-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@android.com",
          "ID": "CVE-2021-0341",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Android",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Android-8.1 Android-9 Android-10 Android-11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In verifyHostName of OkHostnameVerifier.java, there is a possible way to accept a certificate for the wrong domain due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-11Android ID: A-171980069"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://source.android.com/security/bulletin/2021-02-01",
              "refsource": "MISC",
              "url": "https://source.android.com/security/bulletin/2021-02-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2021-0341",
    "datePublished": "2021-02-10T16:50:15.000Z",
    "dateReserved": "2020-11-06T00:00:00.000Z",
    "dateUpdated": "2024-08-03T15:40:00.192Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-30261 (GCVE-0-2024-30261)

Vulnerability from cvelistv5 – Published: 2024-04-04 15:09 – Updated: 2025-11-04 16:11

Title

Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect

Summary

Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

Severity ?

2.6 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-284 - Improper Access Control

Assigner

GitHub_M

References

7 references

URL	Tags
https://github.com/nodejs/undici/security/advisor…	x_refsource_CONFIRM
https://github.com/nodejs/undici/commit/2b39440bd…	x_refsource_MISC
https://github.com/nodejs/undici/commit/d542b8cd3…	x_refsource_MISC
https://hackerone.com/reports/2377760	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
nodejs	undici	Affected: >= 6.0.0, < 6.11.1 Affected: < 5.28.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:56.039Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672"
          },
          {
            "name": "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055"
          },
          {
            "name": "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3"
          },
          {
            "name": "https://hackerone.com/reports/2377760",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/2377760"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240905-0008/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:nodejs:undici:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "undici",
            "vendor": "nodejs",
            "versions": [
              {
                "lessThan": "6.11.1",
                "status": "affected",
                "version": "6.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "5.28.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30261",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-04T15:04:42.490317Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-04T15:06:10.584Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "undici",
          "vendor": "nodejs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.11.1"
            },
            {
              "status": "affected",
              "version": "\u003c 5.28.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the `integrity` option passed to `fetch()`, allowing `fetch()` to accept requests as valid even if they have been tampered. This vulnerability was patched in version(s) 5.28.4 and 6.11.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 2.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-19T23:06:39.663Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672"
        },
        {
          "name": "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055"
        },
        {
          "name": "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3"
        },
        {
          "name": "https://hackerone.com/reports/2377760",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/2377760"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/"
        }
      ],
      "source": {
        "advisory": "GHSA-9qxr-qj54-h672",
        "discovery": "UNKNOWN"
      },
      "title": "Undici\u0027s fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-30261",
    "datePublished": "2024-04-04T15:09:11.369Z",
    "dateReserved": "2024-03-26T12:52:00.934Z",
    "dateUpdated": "2025-11-04T16:11:56.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-30260 (GCVE-0-2024-30260)

Vulnerability from cvelistv5 – Published: 2024-04-04 15:15 – Updated: 2025-11-04 16:11

Title

Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline

Summary

Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1.

Severity ?

3.9 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

CWE

CWE-285 - Improper Authorization

Assigner

GitHub_M

References

6 references

URL	Tags
https://github.com/nodejs/undici/security/advisor…	x_refsource_CONFIRM
https://github.com/nodejs/undici/commit/64e3402da…	x_refsource_MISC
https://github.com/nodejs/undici/commit/680574668…	x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…
https://lists.fedoraproject.org/archives/list/pac…

Impacted products

1 product

Vendor	Product	Version
nodejs	undici	Affected: < 5.28.4 Affected: >= 6.0.0, < 6.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-30260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-05T13:43:37.003793Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:38:49.201Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:11:54.904Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7"
          },
          {
            "name": "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f"
          },
          {
            "name": "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20240905-0008/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "undici",
          "vendor": "nodejs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.28.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.11.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici cleared Authorization and Proxy-Authorization headers for `fetch()`, but did not clear them for `undici.request()`. This vulnerability was patched in version(s) 5.28.4 and 6.11.1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-19T23:06:41.342Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7"
        },
        {
          "name": "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f"
        },
        {
          "name": "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/"
        },
        {
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/"
        }
      ],
      "source": {
        "advisory": "GHSA-m4v8-wqvr-p9f7",
        "discovery": "UNKNOWN"
      },
      "title": "Undici\u0027s Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-30260",
    "datePublished": "2024-04-04T15:15:44.653Z",
    "dateReserved": "2024-03-26T12:52:00.934Z",
    "dateUpdated": "2025-11-04T16:11:54.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-39338 (GCVE-0-2024-39338)

Vulnerability from cvelistv5 – Published: 2024-08-09 00:00 – Updated: 2024-08-15 19:26

Summary

axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs.

Severity ?

4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N

CWE

Assigner

mitre

References

2 references

URL	Tags
https://github.com/axios/axios/releases
https://jeffhacks.com/advisories/2024/06/24/CVE-2…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "axios",
            "vendor": "axios",
            "versions": [
              {
                "status": "affected",
                "version": "1.7.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-39338",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-15T19:24:57.844261Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-918",
                "description": "CWE-918 Server-Side Request Forgery (SSRF)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-15T19:26:34.904Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "axios 1.7.2 allows SSRF via unexpected behavior where requests for path relative URLs get processed as protocol relative URLs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-09T15:00:16.583Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/axios/axios/releases"
        },
        {
          "url": "https://jeffhacks.com/advisories/2024/06/24/CVE-2024-39338.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-39338",
    "datePublished": "2024-08-09T00:00:00.000Z",
    "dateReserved": "2024-06-23T00:00:00.000Z",
    "dateUpdated": "2024-08-15T19:26:34.904Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22234 (GCVE-0-2024-22234)

Vulnerability from cvelistv5 – Published: 2024-02-20 07:02 – Updated: 2025-02-13 17:33

Title

CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated

Summary

In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-284 - Improper Access Control

Assigner

vmware

References

2 references

URL	Tags
https://spring.io/security/cve-2024-22234
https://security.netapp.com/advisory/ntap-2024031…

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Security	Affected: 6.1.x , < 6.1.7 (6.1.7) Affected: 6.2.x , < 6.2.2 (6.2.2)

Date Public ?

2024-02-19 08:59

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:vmware:spring_security:6.1.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "spring_security",
            "vendor": "vmware",
            "versions": [
              {
                "lessThan": "6.1.7",
                "status": "affected",
                "version": "6.1.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:vmware:spring_security:6.2.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unaffected",
            "product": "spring_security",
            "vendor": "vmware",
            "versions": [
              {
                "lessThan": "6.2.2",
                "status": "affected",
                "version": "6.2.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-21T19:46:52.509563Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-284",
                "description": "CWE-284 Improper Access Control",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T17:21:05.285Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:33.656Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://spring.io/security/cve-2024-22234"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Security",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "6.1.7",
              "status": "affected",
              "version": "6.1.x",
              "versionType": "6.1.7"
            },
            {
              "lessThan": "6.2.2",
              "status": "affected",
              "version": "6.2.x",
              "versionType": "6.2.2"
            }
          ]
        }
      ],
      "datePublic": "2024-02-19T08:59:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;method.\u003c/p\u003e\u003cp\u003eSpecifically, an application is vulnerable if:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application uses \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly and a \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;authentication parameter is passed to it resulting in an erroneous \u003ccode\u003etrue\u003c/code\u003e\u0026nbsp;return value.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eAn application is not vulnerable if any of the following is true:\u003c/p\u003e\u003cul\u003e\u003cli\u003eThe application does not use \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u003c/code\u003e\u0026nbsp;directly.\u003c/li\u003e\u003cli\u003eThe application does not pass \u003ccode\u003enull\u003c/code\u003e\u0026nbsp;to \u003ccode\u003eAuthenticationTrustResolver.isFullyAuthenticated\u003c/code\u003e\u003c/li\u003e\u003cli\u003eThe application only uses \u003ccode\u003eisFullyAuthenticated\u003c/code\u003e\u0026nbsp;via \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html\"\u003eMethod Security\u003c/a\u003e\u0026nbsp;or \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html\"\u003eHTTP Request Security\u003c/a\u003e\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e"
            }
          ],
          "value": "In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0method.\n\nSpecifically, an application is vulnerable if:\n\n  *  The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly and a null\u00a0authentication parameter is passed to it resulting in an erroneous true\u00a0return value.\n\n\nAn application is not vulnerable if any of the following is true:\n\n  *  The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication)\u00a0directly.\n  *  The application does not pass null\u00a0to AuthenticationTrustResolver.isFullyAuthenticated\n  *  The application only uses isFullyAuthenticated\u00a0via  Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html \u00a0or  HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-03-15T11:06:18.496Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2024-22234"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240315-0003/"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CVE-2024-22234: Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2024-22234",
    "datePublished": "2024-02-20T07:02:50.873Z",
    "dateReserved": "2024-01-08T16:40:16.141Z",
    "dateUpdated": "2025-02-13T17:33:37.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2024_6667

CVE-2023-3635 (GCVE-0-2023-3635)

CVE-2024-6345 (GCVE-0-2024-6345)

CVE-2021-0341 (GCVE-0-2021-0341)

CVE-2024-30261 (GCVE-0-2024-30261)

CVE-2024-30260 (GCVE-0-2024-30260)

CVE-2024-39338 (GCVE-0-2024-39338)

CVE-2024-22234 (GCVE-0-2024-22234)

Tags

Sightings

Nomenclature