{
  "threat_severity" : "Moderate",
  "public_date" : "2021-02-22T00:00:00Z",
  "bugzilla" : {
    "description" : "nodejs-url-parse: mishandling certain uses of backslash may lead to confidentiality compromise",
    "id" : "1934474",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1934474"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-1286",
  "details" : [ "url-parse before 1.5.0 mishandles certain uses of backslash such as http:\\/ and interprets the URI as a relative path.", "An input validation flaw exists in the node.js-url-parse, which results in the URL being incorrectly set to the document location protocol instead of the URL being passed as an argument. This flaw allows an attacker to bypass security checks on URLs. The highest threat from this vulnerability is to integrity. This is an incomplete fix for CVE-2020-8124." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Quay 3",
    "release_date" : "2021-10-19T00:00:00Z",
    "advisory" : "RHSA-2021:3917",
    "cpe" : "cpe:/a:redhat:quay:3::el8",
    "package" : "quay/quay-rhel8:v3.6.0-62"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Service Mesh 2.0",
    "fix_state" : "Not affected",
    "package_name" : "servicemesh-grafana",
    "cpe" : "cpe:/a:redhat:service_mesh:2.0"
  }, {
    "product_name" : "OpenShift Service Mesh 2.0",
    "fix_state" : "Not affected",
    "package_name" : "servicemesh-prometheus",
    "cpe" : "cpe:/a:redhat:service_mesh:2.0"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Not affected",
    "package_name" : "rhacm2/console-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Not affected",
    "package_name" : "rhacm2/kui-web-terminal-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Not affected",
    "package_name" : "rhacm2/search-ui-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Out of support scope",
    "package_name" : "nodejs-url-parse",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-grafana",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-prometheus",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-thanos-rhel8",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Out of support scope",
    "package_name" : "nodejs-url-parse",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-27515\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27515" ],
  "name" : "CVE-2021-27515",
  "csaw" : false
}