csaf_suse - suse-su-2022:3761-1

Vulnerability from csaf_suse

Published

2022-10-26 08:58

Modified

2022-10-26 08:58

Summary

Security update for release-notes-susemanager, release-notes-susemanager-proxy

Notes

Title of the patch

Security update for release-notes-susemanager, release-notes-susemanager-proxy

Description of the patch

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues: Release notes for SUSE Manager: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * HTTP API is now fully supported * Ubuntu 22.04 is now supported as a client * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support * pip support has been added for the Salt Bundle * Prometheus exporter for Apache has been upgraded to 0.10.0 * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129 * Bugs mentioned: bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168 bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629 bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753 bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272 bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728 bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049 bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385 bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484 bsc#1203564, bsc#1203585, bsc#1203611 Release notes for SUSE Manager Proxy: - Update to SUSE Manager 4.3.2 * Containerized proxy and RBS are now fully supported * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129 * Bugs mentioned: bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788 bsc#1203287, bsc#1203288, bsc#1203585

Patchnames

SUSE-2022-3761,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
   document: {
      aggregate_severity: {
         namespace: "https://www.suse.com/support/security/rating/",
         text: "moderate",
      },
      category: "csaf_security_advisory",
      csaf_version: "2.0",
      distribution: {
         text: "Copyright 2024 SUSE LLC. All rights reserved.",
         tlp: {
            label: "WHITE",
            url: "https://www.first.org/tlp/",
         },
      },
      lang: "en",
      notes: [
         {
            category: "summary",
            text: "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
            title: "Title of the patch",
         },
         {
            category: "description",
            text: "This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:\n\nRelease notes for SUSE Manager:\n\n- Update to SUSE Manager 4.3.2\n  * Containerized proxy and RBS are now fully supported\n  * HTTP API is now fully supported\n  * Ubuntu 22.04 is now supported as a client\n  * Cobbler has been upgraded to version 3.3.3 which also includes building ISOs with UEFI support\n  * pip support has been added for the Salt Bundle  \n  * Prometheus exporter for Apache has been upgraded to 0.10.0\n  * CVEs fixed: CVE-2021-41411, CVE-2021-42740, CVE-2021-43138, CVE-2022-0860, CVE-2022-31129\n  * Bugs mentioned:\n    bsc#1191857, bsc#1195624, bsc#1196729, bsc#1197027, bsc#1198168\n    bsc#1198903, bsc#1199726, bsc#1200480, bsc#1200573, bsc#1200629\n    bsc#1201210, bsc#1201220, bsc#1201260, bsc#1201626, bsc#1201753\n    bsc#1201788, bsc#1201913, bsc#1201918, bsc#1202271, bsc#1202272\n    bsc#1202367, bsc#1202455, bsc#1202464, bsc#1202602, bsc#1202728\n    bsc#1202729, bsc#1202805, bsc#1202899, bsc#1203026, bsc#1203049\n    bsc#1203056, bsc#1203169, bsc#1203287, bsc#1203288, bsc#1203385\n    bsc#1203406, bsc#1203422, bsc#1203449, bsc#1203478, bsc#1203484\n    bsc#1203564, bsc#1203585, bsc#1203611 \n\nRelease notes for SUSE Manager Proxy:\n\n- Update to SUSE Manager 4.3.2\n  * Containerized proxy and RBS are now fully supported\n  * CVEs fixed: CVE-2021-42740, CVE-2021-43138, CVE-2022-31129\n  * Bugs mentioned:\n    bsc#1198168, bsc#1198903, bsc#1200480, bsc#1201589, bsc#1201788\n    bsc#1203287, bsc#1203288, bsc#1203585 \n",
            title: "Description of the patch",
         },
         {
            category: "details",
            text: "SUSE-2022-3761,SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.3-2022-3761,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2022-3761",
            title: "Patchnames",
         },
         {
            category: "legal_disclaimer",
            text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
            title: "Terms of use",
         },
      ],
      publisher: {
         category: "vendor",
         contact_details: "https://www.suse.com/support/security/contact/",
         name: "SUSE Product Security Team",
         namespace: "https://www.suse.com/",
      },
      references: [
         {
            category: "external",
            summary: "SUSE ratings",
            url: "https://www.suse.com/support/security/rating/",
         },
         {
            category: "self",
            summary: "URL of this CSAF notice",
            url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3761-1.json",
         },
         {
            category: "self",
            summary: "URL for SUSE-SU-2022:3761-1",
            url: "https://www.suse.com/support/update/announcement/2022/suse-su-20223761-1/",
         },
         {
            category: "self",
            summary: "E-Mail link for SUSE-SU-2022:3761-1",
            url: "https://lists.suse.com/pipermail/sle-security-updates/2022-October/012707.html",
         },
         {
            category: "self",
            summary: "SUSE Bug 1191857",
            url: "https://bugzilla.suse.com/1191857",
         },
         {
            category: "self",
            summary: "SUSE Bug 1195624",
            url: "https://bugzilla.suse.com/1195624",
         },
         {
            category: "self",
            summary: "SUSE Bug 1196729",
            url: "https://bugzilla.suse.com/1196729",
         },
         {
            category: "self",
            summary: "SUSE Bug 1197027",
            url: "https://bugzilla.suse.com/1197027",
         },
         {
            category: "self",
            summary: "SUSE Bug 1198168",
            url: "https://bugzilla.suse.com/1198168",
         },
         {
            category: "self",
            summary: "SUSE Bug 1198903",
            url: "https://bugzilla.suse.com/1198903",
         },
         {
            category: "self",
            summary: "SUSE Bug 1199726",
            url: "https://bugzilla.suse.com/1199726",
         },
         {
            category: "self",
            summary: "SUSE Bug 1200480",
            url: "https://bugzilla.suse.com/1200480",
         },
         {
            category: "self",
            summary: "SUSE Bug 1200573",
            url: "https://bugzilla.suse.com/1200573",
         },
         {
            category: "self",
            summary: "SUSE Bug 1200629",
            url: "https://bugzilla.suse.com/1200629",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201210",
            url: "https://bugzilla.suse.com/1201210",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201220",
            url: "https://bugzilla.suse.com/1201220",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201260",
            url: "https://bugzilla.suse.com/1201260",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201589",
            url: "https://bugzilla.suse.com/1201589",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201626",
            url: "https://bugzilla.suse.com/1201626",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201753",
            url: "https://bugzilla.suse.com/1201753",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201788",
            url: "https://bugzilla.suse.com/1201788",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201913",
            url: "https://bugzilla.suse.com/1201913",
         },
         {
            category: "self",
            summary: "SUSE Bug 1201918",
            url: "https://bugzilla.suse.com/1201918",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202271",
            url: "https://bugzilla.suse.com/1202271",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202272",
            url: "https://bugzilla.suse.com/1202272",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202367",
            url: "https://bugzilla.suse.com/1202367",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202455",
            url: "https://bugzilla.suse.com/1202455",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202464",
            url: "https://bugzilla.suse.com/1202464",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202602",
            url: "https://bugzilla.suse.com/1202602",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202728",
            url: "https://bugzilla.suse.com/1202728",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202729",
            url: "https://bugzilla.suse.com/1202729",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202805",
            url: "https://bugzilla.suse.com/1202805",
         },
         {
            category: "self",
            summary: "SUSE Bug 1202899",
            url: "https://bugzilla.suse.com/1202899",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203026",
            url: "https://bugzilla.suse.com/1203026",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203049",
            url: "https://bugzilla.suse.com/1203049",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203056",
            url: "https://bugzilla.suse.com/1203056",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203169",
            url: "https://bugzilla.suse.com/1203169",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203287",
            url: "https://bugzilla.suse.com/1203287",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203288",
            url: "https://bugzilla.suse.com/1203288",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203385",
            url: "https://bugzilla.suse.com/1203385",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203406",
            url: "https://bugzilla.suse.com/1203406",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203422",
            url: "https://bugzilla.suse.com/1203422",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203449",
            url: "https://bugzilla.suse.com/1203449",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203478",
            url: "https://bugzilla.suse.com/1203478",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203484",
            url: "https://bugzilla.suse.com/1203484",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203564",
            url: "https://bugzilla.suse.com/1203564",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203585",
            url: "https://bugzilla.suse.com/1203585",
         },
         {
            category: "self",
            summary: "SUSE Bug 1203611",
            url: "https://bugzilla.suse.com/1203611",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-41411 page",
            url: "https://www.suse.com/security/cve/CVE-2021-41411/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-42740 page",
            url: "https://www.suse.com/security/cve/CVE-2021-42740/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2021-43138 page",
            url: "https://www.suse.com/security/cve/CVE-2021-43138/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-0860 page",
            url: "https://www.suse.com/security/cve/CVE-2022-0860/",
         },
         {
            category: "self",
            summary: "SUSE CVE CVE-2022-31129 page",
            url: "https://www.suse.com/security/cve/CVE-2022-31129/",
         },
      ],
      title: "Security update for release-notes-susemanager, release-notes-susemanager-proxy",
      tracking: {
         current_release_date: "2022-10-26T08:58:54Z",
         generator: {
            date: "2022-10-26T08:58:54Z",
            engine: {
               name: "cve-database.git:bin/generate-csaf.pl",
               version: "1",
            },
         },
         id: "SUSE-SU-2022:3761-1",
         initial_release_date: "2022-10-26T08:58:54Z",
         revision_history: [
            {
               date: "2022-10-26T08:58:54Z",
               number: "1",
               summary: "Current version",
            },
         ],
         status: "final",
         version: "1",
      },
   },
   product_tree: {
      branches: [
         {
            branches: [
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64",
                        product: {
                           name: "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64",
                           product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.aarch64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64",
                        product: {
                           name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64",
                           product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.aarch64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "aarch64",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-4.3.2-150400.3.15.1.i586",
                        product: {
                           name: "release-notes-susemanager-4.3.2-150400.3.15.1.i586",
                           product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.i586",
                        },
                     },
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586",
                        product: {
                           name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586",
                           product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.i586",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "i586",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                        product: {
                           name: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                           product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                        },
                     },
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le",
                        product: {
                           name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le",
                           product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.ppc64le",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "ppc64le",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                        product: {
                           name: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                           product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                        },
                     },
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x",
                        product: {
                           name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x",
                           product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.s390x",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "s390x",
               },
               {
                  branches: [
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
                        product: {
                           name: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
                           product_id: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
                        },
                     },
                     {
                        category: "product_version",
                        name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                        product: {
                           name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                           product_id: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                        },
                     },
                  ],
                  category: "architecture",
                  name: "x86_64",
               },
               {
                  branches: [
                     {
                        category: "product_name",
                        name: "SUSE Manager Proxy 4.3",
                        product: {
                           name: "SUSE Manager Proxy 4.3",
                           product_id: "SUSE Manager Proxy 4.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:suse-manager-proxy:4.3",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Manager Retail Branch Server 4.3",
                        product: {
                           name: "SUSE Manager Retail Branch Server 4.3",
                           product_id: "SUSE Manager Retail Branch Server 4.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:suse-manager-retail-branch-server:4.3",
                           },
                        },
                     },
                     {
                        category: "product_name",
                        name: "SUSE Manager Server 4.3",
                        product: {
                           name: "SUSE Manager Server 4.3",
                           product_id: "SUSE Manager Server 4.3",
                           product_identification_helper: {
                              cpe: "cpe:/o:suse:suse-manager-server:4.3",
                           },
                        },
                     },
                  ],
                  category: "product_family",
                  name: "SUSE Linux Enterprise",
               },
            ],
            category: "vendor",
            name: "SUSE",
         },
      ],
      relationships: [
         {
            category: "default_component_of",
            full_product_name: {
               name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 as component of SUSE Manager Proxy 4.3",
               product_id: "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            },
            product_reference: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            relates_to_product_reference: "SUSE Manager Proxy 4.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64 as component of SUSE Manager Retail Branch Server 4.3",
               product_id: "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            },
            product_reference: "release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
            relates_to_product_reference: "SUSE Manager Retail Branch Server 4.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le as component of SUSE Manager Server 4.3",
               product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            },
            product_reference: "release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
            relates_to_product_reference: "SUSE Manager Server 4.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x as component of SUSE Manager Server 4.3",
               product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            },
            product_reference: "release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
            relates_to_product_reference: "SUSE Manager Server 4.3",
         },
         {
            category: "default_component_of",
            full_product_name: {
               name: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64 as component of SUSE Manager Server 4.3",
               product_id: "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
            },
            product_reference: "release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
            relates_to_product_reference: "SUSE Manager Server 4.3",
         },
      ],
   },
   vulnerabilities: [
      {
         cve: "CVE-2021-41411",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-41411",
            },
         ],
         notes: [
            {
               category: "general",
               text: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-41411",
               url: "https://www.suse.com/security/cve/CVE-2021-41411",
            },
            {
               category: "external",
               summary: "SUSE Bug 1200629 for CVE-2021-41411",
               url: "https://bugzilla.suse.com/1200629",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-10-26T08:58:54Z",
               details: "important",
            },
         ],
         title: "CVE-2021-41411",
      },
      {
         cve: "CVE-2021-42740",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-42740",
            },
         ],
         notes: [
            {
               category: "general",
               text: "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-42740",
               url: "https://www.suse.com/security/cve/CVE-2021-42740",
            },
            {
               category: "external",
               summary: "SUSE Bug 1203287 for CVE-2021-42740",
               url: "https://bugzilla.suse.com/1203287",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-10-26T08:58:54Z",
               details: "critical",
            },
         ],
         title: "CVE-2021-42740",
      },
      {
         cve: "CVE-2021-43138",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2021-43138",
            },
         ],
         notes: [
            {
               category: "general",
               text: "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2021-43138",
               url: "https://www.suse.com/security/cve/CVE-2021-43138",
            },
            {
               category: "external",
               summary: "SUSE Bug 1200480 for CVE-2021-43138",
               url: "https://bugzilla.suse.com/1200480",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.8,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-10-26T08:58:54Z",
               details: "important",
            },
         ],
         title: "CVE-2021-43138",
      },
      {
         cve: "CVE-2022-0860",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-0860",
            },
         ],
         notes: [
            {
               category: "general",
               text: "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-0860",
               url: "https://www.suse.com/security/cve/CVE-2022-0860",
            },
            {
               category: "external",
               summary: "SUSE Bug 1197027 for CVE-2022-0860",
               url: "https://bugzilla.suse.com/1197027",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.1",
               },
               products: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-10-26T08:58:54Z",
               details: "important",
            },
         ],
         title: "CVE-2022-0860",
      },
      {
         cve: "CVE-2022-31129",
         ids: [
            {
               system_name: "SUSE CVE Page",
               text: "https://www.suse.com/security/cve/CVE-2022-31129",
            },
         ],
         notes: [
            {
               category: "general",
               text: "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
               title: "CVE description",
            },
         ],
         product_status: {
            recommended: [
               "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
               "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
            ],
         },
         references: [
            {
               category: "external",
               summary: "CVE-2022-31129",
               url: "https://www.suse.com/security/cve/CVE-2022-31129",
            },
            {
               category: "external",
               summary: "SUSE Bug 1203288 for CVE-2022-31129",
               url: "https://bugzilla.suse.com/1203288",
            },
         ],
         remediations: [
            {
               category: "vendor_fix",
               details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
               product_ids: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         scores: [
            {
               cvss_v3: {
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               products: [
                  "SUSE Manager Proxy 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Retail Branch Server 4.3:release-notes-susemanager-proxy-4.3.2-150400.3.9.3.x86_64",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.ppc64le",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.s390x",
                  "SUSE Manager Server 4.3:release-notes-susemanager-4.3.2-150400.3.15.1.x86_64",
               ],
            },
         ],
         threats: [
            {
               category: "impact",
               date: "2022-10-26T08:58:54Z",
               details: "important",
            },
         ],
         title: "CVE-2022-31129",
      },
   ],
}

cve-2021-42740

Vulnerability from cvelistv5

Published

2021-10-21 14:46

Modified

2024-08-04 03:38

Severity ?

Summary

The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.

References

▼	URL	Tags
	https://www.npmjs.com/package/shell-quote	x_refsource_MISC
	https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md#173	x_refsource_CONFIRM
	https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:38:50.098Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.npmjs.com/package/shell-quote",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md#173",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-21T14:46:08",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.npmjs.com/package/shell-quote",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md#173",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-42740",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The shell-quote package before 1.7.3 for Node.js allows command injection. An attacker can inject unescaped shell metacharacters through a regex designed to support Windows drive letters. If the output of this package is passed to a real shell as a quoted argument to a command with exec(), an attacker can inject arbitrary commands. This is because the Windows drive letter regex character class is {A-z] instead of the correct {A-Za-z]. Several shell metacharacters exist in the space between capital letter Z and lower case letter a, such as the backtick character.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.npmjs.com/package/shell-quote",
                     refsource: "MISC",
                     url: "https://www.npmjs.com/package/shell-quote",
                  },
                  {
                     name: "https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md#173",
                     refsource: "CONFIRM",
                     url: "https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md#173",
                  },
                  {
                     name: "https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe",
                     refsource: "CONFIRM",
                     url: "https://github.com/substack/node-shell-quote/commit/5799416ed454aa4ec9afafc895b4e31760ea1abe",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-42740",
      datePublished: "2021-10-21T14:46:08",
      dateReserved: "2021-10-20T00:00:00",
      dateUpdated: "2024-08-04T03:38:50.098Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-0860

Vulnerability from cvelistv5

Published

2022-03-11 12:50

Modified

2024-08-02 23:40

Severity ?

8.2 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Summary

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

References

▼	URL	Tags
	https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d	x_refsource_CONFIRM
	https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	cobbler	cobbler/cobbler	Version: unspecified < 3.3.2

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T23:40:04.519Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa",
               },
               {
                  name: "FEDORA-2022-224e71968f",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/",
               },
               {
                  name: "FEDORA-2022-445ec90e7c",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/",
               },
               {
                  name: "FEDORA-2022-ad2b0ad61b",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_FEDORA",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "cobbler/cobbler",
               vendor: "cobbler",
               versions: [
                  {
                     lessThan: "3.3.2",
                     status: "affected",
                     version: "unspecified",
                     versionType: "custom",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-285",
                     description: "CWE-285 Improper Authorization",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-31T02:06:16",
            orgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
            shortName: "@huntrdev",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa",
            },
            {
               name: "FEDORA-2022-224e71968f",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/",
            },
            {
               name: "FEDORA-2022-445ec90e7c",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/",
            },
            {
               name: "FEDORA-2022-ad2b0ad61b",
               tags: [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/",
            },
         ],
         source: {
            advisory: "c458b868-63df-414e-af10-47e3745caa1d",
            discovery: "EXTERNAL",
         },
         title: "Improper Authorization in cobbler/cobbler",
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "security@huntr.dev",
               ID: "CVE-2022-0860",
               STATE: "PUBLIC",
               TITLE: "Improper Authorization in cobbler/cobbler",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "cobbler/cobbler",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "<",
                                          version_value: "3.3.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "cobbler",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.2,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-285 Improper Authorization",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d",
                     refsource: "CONFIRM",
                     url: "https://huntr.dev/bounties/c458b868-63df-414e-af10-47e3745caa1d",
                  },
                  {
                     name: "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa",
                     refsource: "MISC",
                     url: "https://github.com/cobbler/cobbler/commit/9044aa990a94752fa5bd5a24051adde099280bfa",
                  },
                  {
                     name: "FEDORA-2022-224e71968f",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYWYHWVVRUSPCV5SWBOSAMQJQLTSBTKY/",
                  },
                  {
                     name: "FEDORA-2022-445ec90e7c",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D4KCNZYBQC2FM5SEEDRQZO4LRZ4ZECMG/",
                  },
                  {
                     name: "FEDORA-2022-ad2b0ad61b",
                     refsource: "FEDORA",
                     url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYSHMF6MEIITFAG7EJ3IQKVUN7MDV2XM/",
                  },
               ],
            },
            source: {
               advisory: "c458b868-63df-414e-af10-47e3745caa1d",
               discovery: "EXTERNAL",
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a",
      assignerShortName: "@huntrdev",
      cveId: "CVE-2022-0860",
      datePublished: "2022-03-11T12:50:10",
      dateReserved: "2022-03-04T00:00:00",
      dateUpdated: "2024-08-02T23:40:04.519Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-41411

Vulnerability from cvelistv5

Published

2022-06-16 09:52

Modified

2024-08-04 03:08

Severity ?

Summary

drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.

References

▼	URL	Tags
	https://github.com/kiegroup/drools/pull/3808	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:08:32.436Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://github.com/kiegroup/drools/pull/3808",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-16T09:52:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/kiegroup/drools/pull/3808",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-41411",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://github.com/kiegroup/drools/pull/3808",
                     refsource: "MISC",
                     url: "https://github.com/kiegroup/drools/pull/3808",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-41411",
      datePublished: "2022-06-16T09:52:01",
      dateReserved: "2021-09-20T00:00:00",
      dateUpdated: "2024-08-04T03:08:32.436Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2021-43138

Vulnerability from cvelistv5

Published

2022-04-06 00:00

Modified

2024-08-04 03:47

Severity ?

Summary

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

References

▼	URL	Tags
	https://github.com/caolan/async/blob/master/lib/internal/iterator.js
	https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js
	https://jsfiddle.net/oz5twjd9/
	https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d
	https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264
	https://github.com/caolan/async/pull/1828
	https://github.com/caolan/async/compare/v2.6.3...v2.6.4
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240621-0006/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T03:47:13.575Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/caolan/async/blob/master/lib/internal/iterator.js",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://jsfiddle.net/oz5twjd9/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/caolan/async/pull/1828",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/caolan/async/compare/v2.6.3...v2.6.4",
               },
               {
                  name: "FEDORA-2023-ce8943223c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/",
               },
               {
                  name: "FEDORA-2023-18fd476362",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-06-21T19:07:23.908408",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://github.com/caolan/async/blob/master/lib/internal/iterator.js",
            },
            {
               url: "https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js",
            },
            {
               url: "https://jsfiddle.net/oz5twjd9/",
            },
            {
               url: "https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d",
            },
            {
               url: "https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264",
            },
            {
               url: "https://github.com/caolan/async/pull/1828",
            },
            {
               url: "https://github.com/caolan/async/compare/v2.6.3...v2.6.4",
            },
            {
               name: "FEDORA-2023-ce8943223c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/",
            },
            {
               name: "FEDORA-2023-18fd476362",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20240621-0006/",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-43138",
      datePublished: "2022-04-06T00:00:00",
      dateReserved: "2021-11-01T00:00:00",
      dateUpdated: "2024-08-04T03:47:13.575Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-31129

Vulnerability from cvelistv5

Published

2022-07-06 00:00

Modified

2024-08-03 07:11

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.

References

▼	URL	Tags
	https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g
	https://github.com/moment/moment/pull/6015#issuecomment-1152961973
	https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3
	https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/	vendor-advisory
	https://security.netapp.com/advisory/ntap-20221014-0003/
	https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html	mailing-list

Impacted products

	Vendor	Product	Version
	moment	moment	Version: >= 2.18.0, < 2.29.4

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T07:11:39.222Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/moment/moment/pull/6015#issuecomment-1152961973",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/",
               },
               {
                  name: "FEDORA-2022-85aa8e5706",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/",
               },
               {
                  name: "FEDORA-2022-35b698150c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/",
               },
               {
                  name: "FEDORA-2022-b9ef7c3c3c",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/",
               },
               {
                  name: "FEDORA-2022-798fd95813",
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://security.netapp.com/advisory/ntap-20221014-0003/",
               },
               {
                  name: "[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update",
                  tags: [
                     "mailing-list",
                     "x_transferred",
                  ],
                  url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "moment",
               vendor: "moment",
               versions: [
                  {
                     status: "affected",
                     version: " >= 2.18.0, < 2.29.4",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-400",
                     description: "CWE-400: Uncontrolled Resource Consumption",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-31T00:00:00",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               url: "https://github.com/moment/moment/security/advisories/GHSA-wc69-rhjr-hc9g",
            },
            {
               url: "https://github.com/moment/moment/pull/6015#issuecomment-1152961973",
            },
            {
               url: "https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3",
            },
            {
               url: "https://huntr.dev/bounties/f0952b67-f2ff-44a9-a9cd-99e0a87cb633/",
            },
            {
               name: "FEDORA-2022-85aa8e5706",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIO6YNLTK2T7SPKDS4JEL45FANLNC2Q/",
            },
            {
               name: "FEDORA-2022-35b698150c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORJX2LF6KMPIHP6B2P6KZIVKMLE3LVJ5/",
            },
            {
               name: "FEDORA-2022-b9ef7c3c3c",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IWY24RJA3SBJGA5N4CU4VBPHJPPPJL5O/",
            },
            {
               name: "FEDORA-2022-798fd95813",
               tags: [
                  "vendor-advisory",
               ],
               url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZMX5YHELQVCGKKQVFXIYOTBMN23YYSRO/",
            },
            {
               url: "https://security.netapp.com/advisory/ntap-20221014-0003/",
            },
            {
               name: "[debian-lts-announce] 20230130 [SECURITY] [DLA 3295-1] node-moment security update",
               tags: [
                  "mailing-list",
               ],
               url: "https://lists.debian.org/debian-lts-announce/2023/01/msg00035.html",
            },
         ],
         source: {
            advisory: "GHSA-wc69-rhjr-hc9g",
            discovery: "UNKNOWN",
         },
         title: "Inefficient Regular Expression Complexity in moment",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2022-31129",
      datePublished: "2022-07-06T00:00:00",
      dateReserved: "2022-05-18T00:00:00",
      dateUpdated: "2024-08-03T07:11:39.222Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

Vulnerability from csaf_suse

cve-2021-42740

Vulnerability from cvelistv5

cve-2022-0860

Vulnerability from cvelistv5

cve-2021-41411

Vulnerability from cvelistv5

cve-2021-43138

Vulnerability from cvelistv5

cve-2022-31129

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature