rhsa-2024_7706
Vulnerability from csaf_redhat
Published
2024-10-07 01:12
Modified
2024-12-17 19:02
Summary
Red Hat Security Advisory: Red Hat build of Cryostat security update
Notes
Topic
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.
Security Fix(es):
* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)
* dompurify: XSS vulnerability via prototype pollution (CVE-2024-45801)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "An update is now available for the Red Hat build of Cryostat 3 on RHEL 8.\n\nSecurity Fix(es):\n\n* webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule (CVE-2024-43788)\n* dompurify: XSS vulnerability via prototype pollution (CVE-2024-45801)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:7706", "url": "https://access.redhat.com/errata/RHSA-2024:7706" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2308193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193" }, { "category": "external", "summary": "2312631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_7706.json" } ], "title": "Red Hat Security Advisory: Red Hat build of Cryostat security update", "tracking": { "current_release_date": "2024-12-17T19:02:22+00:00", "generator": { "date": "2024-12-17T19:02:22+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2024:7706", "initial_release_date": "2024-10-07T01:12:29+00:00", "revision_history": [ { "date": "2024-10-07T01:12:29+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-10-07T01:12:29+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T19:02:22+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Cryostat 3 on RHEL 8", "product": { "name": "Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3", "product_identification_helper": { "cpe": "cpe:/a:redhat:cryostat:3::el8" } } } ], "category": "product_family", "name": "Cryostat" }, { "branches": [ { "category": "product_version", "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "product": { "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "product": { "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "product": { "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "product": { "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "product": { "name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "product": { "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "product": { "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "product": { "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "product_identification_helper": { "purl": "pkg:oci/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "product": { "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "product_identification_helper": { "purl": "pkg:oci/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.1-3" } } } ], "category": "architecture", "name": "arm64" }, { "branches": [ { "category": "product_version", "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "product": { "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "product_id": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-db-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "product": { "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "product_id": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-grafana-dashboard-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "product": { "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "product_id": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "product": { "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "product_id": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-reports-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "product": { "name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "product_id": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "product": { "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "product_id": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-operator-bundle\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "product": { "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "product_id": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-rhel8-operator\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "product": { "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "product_id": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "product_identification_helper": { "purl": "pkg:oci/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/cryostat-storage-rhel8\u0026tag=3.0.1-3" } } }, { "category": "product_version", "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64", "product": { "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64", "product_id": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64", "product_identification_helper": { "purl": "pkg:oci/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455?arch=amd64\u0026repository_url=registry.redhat.io/cryostat-tech-preview/jfr-datasource-rhel8\u0026tag=3.0.1-3" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64" }, "product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64" }, "product_reference": "cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64" }, "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "relates_to_product_reference": "8Base-Cryostat-3" }, { "category": "default_component_of", "full_product_name": { "name": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64 as a component of Cryostat 3 on RHEL 8", "product_id": "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" }, "product_reference": "cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64", "relates_to_product_reference": "8Base-Cryostat-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-43788", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-08-27T17:20:06.890123+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2308193" } ], "notes": [ { "category": "description", "text": "A DOM Clobbering vulnerability was found in Webpack via `AutoPublicPathRuntimeModule`. DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script through seemingly benign HTML markups in the webpage, for example, through a post or comment, and leverages the gadgets (pieces of JS code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to Cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or ID attributes.", "title": "Vulnerability description" }, { "category": "summary", "text": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule", "title": "Vulnerability summary" }, { "category": "other", "text": "The severity of this issue is classified as moderate rather than important due to the specific conditions required for exploitation. DOM Clobbering, while serious, can only be leveraged in environments where an attacker has the ability to inject unsanitized HTML attributes (e.g., `name` or `id`) into a web page. This limits the attack surface to applications that improperly sanitize user input and rely on Webpack-generated files. Furthermore, the exploitation depends on existing vulnerabilities in the sanitization process, rather than the direct execution of arbitrary scripts. As a result, while the issue can lead to XSS, its impact is constrained by the contextual requirement of HTML injection, lowering its overall severity compared to more direct XSS vectors.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-43788" }, { "category": "external", "summary": "RHBZ#2308193", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308193" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-43788", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43788" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43788" }, { "category": "external", "summary": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61", "url": "https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a49758bf5a61" }, { "category": "external", "summary": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986", "url": "https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986" }, { "category": "external", "summary": "https://research.securitum.com/xss-in-amp4email-dom-clobbering", "url": "https://research.securitum.com/xss-in-amp4email-dom-clobbering" }, { "category": "external", "summary": "https://scnps.co/papers/sp23_domclob.pdf", "url": "https://scnps.co/papers/sp23_domclob.pdf" } ], "release_date": "2024-08-27T17:15:07.967000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-07T01:12:29+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7706" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "webpack: DOM Clobbering vulnerability in AutoPublicPathRuntimeModule" }, { "cve": "CVE-2024-45801", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-16T19:20:09.863249+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2312631" } ], "notes": [ { "category": "description", "text": "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: XSS vulnerability via prototype pollution", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45801" }, { "category": "external", "summary": "RHBZ#2312631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45801", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45801" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45801" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21", "url": "https://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc", "url": "https://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674", "url": "https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674" } ], "release_date": "2024-09-16T19:16:11.080000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-10-07T01:12:29+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:7706" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "version": "3.1" }, "products": [ "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:94f2ad856ccc1d3efed8871303ac0a0792efe8150ba0e7e1152f02e8e3acc80a_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-db-rhel8@sha256:cde38f98de9a139e0fa7e835dfc1d2c56ee91087cd01da4ce4bc46b06e0fd7ec_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:8ce54e90618eaa45627ed97e55a93e7754006f760b2f2e619c02f93c9acb5ce3_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-grafana-dashboard-rhel8@sha256:944d74356fd1997334e40e2ed60a2d2f3a4730895a4dab0e5952fc8de51edf3a_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:82a87b4ee8e5a4ebdb4f3c5df7d3d7ff5e8ebcf4313548072c0dbed08df2eb51_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-operator-bundle@sha256:93d0b7f6a0bb26707fffb1b18485427641711dbc6161effb28b4b5eaee5a612d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:4e8c4c26564bfa6d15cb3dd1ed0bf1a707f0dee78ddd1c0f801acd740f06ab0f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8@sha256:c38a44a12a45b65045576ab373e7d18641995709c4d330e01c3fe23ad74a280f_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:194e839e5733e70303b38d212362898b03fe0c12765726b159703d718787e7d6_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-reports-rhel8@sha256:2bc3f4475c1eac40cda1528944416f42af49b669fec8762e3dbad40a023f3bb4_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:af720cf07d638057b31dea56cc3514d394dc39461acef8d2573c4b0205c309d7_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8-operator@sha256:ff17460450719304fff283aeeb2ac59f9644bb2c659d38ea7520fe31b8aff41d_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:180392716b08b100430cddfd46b84c1b5b2a8648d53a36e67e1984359d5bba3b_arm64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-rhel8@sha256:aef0dc11169bf71824ff16a3fe307343cd07522b10e0759912f77c1b1e05b34c_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:5296794a5d38c60165a86671ced7e3812f75e2355d8a6d9721ab89accc93c1a6_amd64", "8Base-Cryostat-3:cryostat-tech-preview/cryostat-storage-rhel8@sha256:7e2ec282045e2698b254a26142c38d9923a8fbc0f7e096539df1f9fa86163234_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:30a0e9843b9b8f11305788baaef33534144dbe04e9b314e04534e6f13967b69f_arm64", "8Base-Cryostat-3:cryostat-tech-preview/jfr-datasource-rhel8@sha256:d6aca1dcf4bee8abfa4f0c674e7cdad49289d2c8bd77e0ccdd44e0e93df66455_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dompurify: XSS vulnerability via prototype pollution" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.