rhba-2024:9054
Vulnerability from csaf_redhat
Published
2024-11-11 01:39
Modified
2025-04-16 01:42
Summary
Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release
Notes
Topic
Red Hat Developer Hub 1.3.1 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed,
customizable developer portal based on Backstage.io. RHDH is supported on
OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features
of RHDH include a single pane of glass, a centralized software catalog,
self-service via golden path templates, and Tech Docs. RHDH is extensible by
plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat Developer Hub 1.3.1 has been released.", title: "Topic", }, { category: "general", text: "Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed,\ncustomizable developer portal based on Backstage.io. RHDH is supported on\nOpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features\nof RHDH include a single pane of glass, a centralized software catalog,\nself-service via golden path templates, and Tech Docs. RHDH is extensible by\nplugins.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHBA-2024:9054", url: "https://access.redhat.com/errata/RHBA-2024:9054", }, { category: "external", summary: "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3", url: "https://docs.redhat.com/en/documentation/red_hat_developer_hub/1.3", }, { category: "external", summary: "RHIDP-4343", url: "https://issues.redhat.com/browse/RHIDP-4343", }, { category: "external", summary: "RHIDP-4344", url: "https://issues.redhat.com/browse/RHIDP-4344", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhba-2024_9054.json", }, ], title: "Red Hat Bug Fix Advisory: Red Hat Developer Hub 1.3.1 bugfix release", tracking: { current_release_date: "2025-04-16T01:42:57+00:00", generator: { date: "2025-04-16T01:42:57+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.2", }, }, id: "RHBA-2024:9054", initial_release_date: "2024-11-11T01:39:34+00:00", revision_history: [ { date: "2024-11-11T01:39:34+00:00", number: "1", summary: "Initial version", }, { date: "2024-11-11T01:39:34+00:00", number: "2", summary: "Last updated version", }, { date: "2025-04-16T01:42:57+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Developer Hub 1.3 for RHEL 9", product: { name: "Red Hat Developer Hub 1.3 for RHEL 9", product_id: "9Base-RHDH-1.3", product_identification_helper: { cpe: "cpe:/a:redhat:rhdh:1.3::el9", }, }, }, ], 
category: "product_family", name: "Red Hat Developer Hub", }, { branches: [ { category: "product_version", name: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", product: { name: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", product_id: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314?arch=amd64&repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9&tag=1.3-124", }, }, }, { category: "product_version", name: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", product: { name: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", product_id: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295?arch=amd64&repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle&tag=1.3-118", }, }, }, { category: "product_version", name: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", product: { name: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", product_id: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", product_identification_helper: { purl: "pkg:oci/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167?arch=amd64&repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator&tag=1.3-119", }, }, }, ], category: "architecture", name: "amd64", }, ], category: "vendor", name: "Red Hat", }, ], 
relationships: [ { category: "default_component_of", full_product_name: { name: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9", product_id: "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", }, product_reference: "rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", relates_to_product_reference: "9Base-RHDH-1.3", }, { category: "default_component_of", full_product_name: { name: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9", product_id: "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", }, product_reference: "rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", relates_to_product_reference: "9Base-RHDH-1.3", }, { category: "default_component_of", full_product_name: { name: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64 as a component of Red Hat Developer Hub 1.3 for RHEL 9", product_id: "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", }, product_reference: "rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", relates_to_product_reference: "9Base-RHDH-1.3", }, ], }, vulnerabilities: [ { cve: "CVE-2024-21536", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-10-19T06:00:36.846953+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", 
"9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2319884", }, ], notes: [ { category: "description", text: "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths.", title: "Vulnerability description", }, { category: "summary", text: "http-proxy-middleware: Denial of Service", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], known_not_affected: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-21536", }, { category: "external", summary: "RHBZ#2319884", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2319884", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-21536", url: "https://www.cve.org/CVERecord?id=CVE-2024-21536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-21536", }, { category: "external", summary: 
"https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", url: "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", url: "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5", }, { category: "external", summary: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", url: "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22", }, { category: "external", summary: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", url: "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906", }, ], release_date: "2024-10-19T05:00:04.056000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-11T01:39:34+00:00", details: "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:9054", }, { category: "workaround", details: "Red Hat Product Security does not have any mitigation recommendations at this time.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "http-proxy-middleware: Denial of Service", }, { cve: "CVE-2024-37890", cwe: { id: "CWE-400", name: "Uncontrolled Resource Consumption", }, discovery_date: "2024-06-17T00:00:00+00:00", flags: [ { label: "vulnerable_code_not_present", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2292777", }, ], notes: [ { category: "description", text: "A flaw was found in the Node.js WebSocket library (ws). 
A request with several headers exceeding the 'server.maxHeadersCount' threshold could be used to crash a ws server, leading to a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "nodejs-ws: denial of service when handling a request with many HTTP headers", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], known_not_affected: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-37890", }, { category: "external", summary: "RHBZ#2292777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2292777", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-37890", url: "https://www.cve.org/CVERecord?id=CVE-2024-37890", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-37890", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-37890", }, { category: "external", summary: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", url: "https://github.com/websockets/ws/security/advisories/GHSA-3h5v-q93c-6h6q", }, ], release_date: "2024-06-16T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-11T01:39:34+00:00", details: "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.", product_ids: [ 
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:9054", }, { category: "workaround", details: "The issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size or the maxHeaderSize options so that no more headers than the server.maxHeadersCount limit can be sent. The issue can also be mitigated by setting server.maxHeadersCount to 0.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "nodejs-ws: denial of service when handling a request with many HTTP headers", }, { cve: "CVE-2024-45590", cwe: { id: "CWE-405", name: "Asymmetric Resource Consumption (Amplification)", }, discovery_date: "2024-09-10T16:20:29.292154+00:00", flags: [ { label:
"vulnerable_code_not_present", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], ids: [ { system_name: "Red Hat Bugzilla ID", text: "2311171", }, ], notes: [ { category: "description", text: "A flaw was found in body-parser. This vulnerability causes denial of service via a specially crafted payload when the URL encoding is enabled.", title: "Vulnerability description", }, { category: "summary", text: "body-parser: Denial of Service Vulnerability in body-parser", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], known_not_affected: [ "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2024-45590", }, { category: "external", summary: "RHBZ#2311171", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2311171", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2024-45590", url: "https://www.cve.org/CVERecord?id=CVE-2024-45590", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-45590", }, { category: "external", summary: 
"https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", url: "https://github.com/expressjs/body-parser/commit/b2695c4450f06ba3b0ccf48d872a229bb41c9bce", }, { category: "external", summary: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", url: "https://github.com/expressjs/body-parser/security/advisories/GHSA-qwcr-r2fm-qrc7", }, ], release_date: "2024-09-10T16:15:21.083000+00:00", remediations: [ { category: "vendor_fix", date: "2024-11-11T01:39:34+00:00", details: "To install the Red Hat Developer Hub 1.3, follow the instructions linked from the References section.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHBA-2024:9054", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ 
"9Base-RHDH-1.3:rhdh/rhdh-hub-rhel9@sha256:9bf03585d9a90ad7ba0dd56e9210dbe099be187e9ada06b2a2ca754cefa89314_amd64", "9Base-RHDH-1.3:rhdh/rhdh-operator-bundle@sha256:aa2551561078f59c2ac06905bbe51601a438bd8534c5240657964d6e3b685295_amd64", "9Base-RHDH-1.3:rhdh/rhdh-rhel9-operator@sha256:8d3e75e17444a5b5b8ffa103b7c880132b2e814245d438363f5434d5d4be1167_amd64", ], }, ], threats: [ { category: "impact", details: "Important", }, ], title: "body-parser: Denial of Service Vulnerability in body-parser", }, ], }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.