{ "threat_severity" : "Moderate", "public_date" : "2022-07-12T00:00:00Z", "bugzilla" : { "description" : "golang: encoding/xml: stack exhaustion in Unmarshal", "id" : "2107392", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2107392" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1325", "details" : [ "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.", "A flaw was found in golang. Calling Unmarshal on an XML document into a Go struct, which has a nested field that uses the \"any\" field tag, can cause a panic due to stack exhaustion." ], "statement" : "Red Hat has marked this as moderate impact for two primary reasons\n1. Though the vulnerability exists, it is hard to exploit in real scenarios (e.g., the attacker must be able to feed crafted XML documents into specific code paths).\n2. The vulnerability is a denial of service (DoS) due to stack exhaustion rather than code execution or data breach. Since it doesn’t compromise confidentiality or integrity.", "affected_release" : [ { "product_name" : "Application Interconnect 1 for RHEL 8", "release_date" : "2022-08-18T00:00:00Z", "advisory" : "RHSA-2022:6113", "cpe" : "cpe:/a:redhat:application_interconnect:1::el8", "package" : "skupper-cli-0:1.0.2-2.el8" }, { "product_name" : "Node Maintenance Operator 4.11 for RHEL 8", "release_date" : "2022-08-25T00:00:00Z", "advisory" : "RHSA-2022:6188", "cpe" : "cpe:/a:redhat:workload_availability_nmo:4.11::el8", "package" : "workload-availability/node-maintenance-rhel8-operator:v4.11.1-1" }, { "product_name" : "OpenShift Custom Metrics Autoscaler 2", "release_date" : "2023-03-06T00:00:00Z", "advisory" : "RHSA-2023:1042", "cpe" : "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2.0::el8", "package" : "custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8:2.8.2-143", "impact" : "low" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/client-kn-rhel8:1.3.1-4" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-apiserver-receive-adapter-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-in-memory-channel-dispatcher-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-controller-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-post-install-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-kafka-broker-webhook-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtbroker-filter-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtbroker-ingress-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtchannel-broker-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-mtping-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-storage-version-migration-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-sugar-controller-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/eventing-webhook-rhel8:1.3.2-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/ingress-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/knative-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/kn-cli-artifacts-rhel8:1.3.1-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/kourier-control-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/net-istio-controller-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/net-istio-webhook-rhel8:1.3.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serverless-operator-bundle:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serverless-rhel8-operator:1.24.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-activator-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-autoscaler-hpa-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-autoscaler-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-controller-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-domain-mapping-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-domain-mapping-webhook-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-queue-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-storage-version-migration-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/serving-webhook-rhel8:1.3.0-3" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1/svls-must-gather-rhel8:1.24.0-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-controller-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-dispatcher-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-receiver-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serveless 1.24", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6040", "cpe" : "cpe:/a:redhat:serverless:1.24::el8", "package" : "openshift-serverless-1-tech-preview/eventing-kafka-broker-webhook-rhel8:1.3.2-2" }, { "product_name" : "Openshift Serverless 1 on RHEL 8", "release_date" : "2022-08-10T00:00:00Z", "advisory" : "RHSA-2022:6042", "cpe" : "cpe:/a:redhat:serverless:1.0::el8", "package" : "openshift-serverless-clients-0:1.3.1-4.el8" }, { "product_name" : "OSSO-1.1-RHEL-8", "release_date" : "2022-09-01T00:00:00Z", "advisory" : "RHSA-2022:6152", "cpe" : "cpe:/a:redhat:openshift_secondary_scheduler:1.1::el8", "package" : "openshift-secondary-scheduler-operator/secondary-scheduler-operator-rhel8:v1.1-11" }, { "product_name" : "Red Hat Ceph Storage 6.1", "release_date" : "2023-06-15T00:00:00Z", "advisory" : "RHSA-2023:3642", "cpe" : "cpe:/a:redhat:ceph_storage:6.1::el9", "package" : "rhceph/rhceph-6-dashboard-rhel9:6-75" }, { "product_name" : "Red Hat Developer Tools", "release_date" : "2022-08-02T00:00:00Z", "advisory" : "RHSA-2022:5866", "cpe" : "cpe:/a:redhat:devtools:2022", "package" : "go-toolset-1.17-golang-0:1.17.12-1.el7_9" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5775", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "go-toolset:rhel8-8060020220720230014.97d7f71f" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7519", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "grafana-0:7.5.15-3.el8" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2022-11-08T00:00:00Z", "advisory" : "RHSA-2022:7529", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:3.0-8070020220802115906.39077419" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2758", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:rhel8-8080020230321153727.0f77c1b7" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2023-05-16T00:00:00Z", "advisory" : "RHSA-2023:2802", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "container-tools:4.0-8080020230217080101.8108cfbc" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-08-01T00:00:00Z", "advisory" : "RHSA-2022:5799", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "golang-0:1.17.12-1.el9_0" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2022-11-15T00:00:00Z", "advisory" : "RHSA-2022:8057", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "grafana-0:7.5.15-3.el9" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.7", "release_date" : "2022-12-15T00:00:00Z", "advisory" : "RHSA-2022:9047", "cpe" : "cpe:/a:redhat:rhmt:1.7::el8", "package" : "rhmtc/openshift-migration-velero-rhel8:v1.7.6-5" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/istio-cni-rhel8:2.2.2-7" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/istio-rhel8-operator:2.2.2-8" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/pilot-rhel8:2.2.2-7" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/prometheus-rhel8:2.2.2-4" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/proxyv2-rhel8:2.2.2-8" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date" : "2022-08-31T00:00:00Z", "advisory" : "RHSA-2022:6283", "cpe" : "cpe:/a:redhat:service_mesh:2.2::el8", "package" : "openshift-service-mesh/ratelimit-rhel8:2.2.2-4" }, { "product_name" : "RHEL-7-CNV-4.12", "release_date" : "2023-01-24T00:00:00Z", "advisory" : "RHSA-2023:0407", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el7", "package" : "kubevirt-0:4.12.0-1057.el7" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-24T00:00:00Z", "advisory" : "RHSA-2023:0407", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "kubevirt-0:4.12.0-1057.el8" }, { "product_name" : "RHEL-8-CNV-4.12", "release_date" : "2023-01-25T00:00:00Z", "advisory" : "RHSA-2023:0408", "cpe" : "cpe:/a:redhat:container_native_virtualization:4.12::el8", "package" : "container-native-virtualization/virt-api:v4.12.0-255" } ], "package_state" : [ { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Affected", "package_name" : "migration-toolkit-virtualization/mtv-controller-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "Node Maintenance Operator", "fix_state" : "Affected", "package_name" : "workload-availability/node-maintenance-rhel8-operator", "cpe" : "cpe:/a:redhat:workload_availability_nmo:5" }, { "product_name" : "OpenShift API for Data Protection", "fix_state" : "Affected", "package_name" : "oadp/oadp-velero-rhel8", "cpe" : "cpe:/a:redhat:openshift_api_data_protection:1" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Fix deferred", "package_name" : "helm", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Developer Tools and Services", "fix_state" : "Affected", "package_name" : "odo", "cpe" : "cpe:/a:redhat:ocp_tools" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines-client", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-operator-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/work-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Affected", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "openshift-clients", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ceph Storage 3", "fix_state" : "Out of support scope", "package_name" : "golang", "cpe" : "cpe:/a:redhat:ceph_storage:3" }, { "product_name" : "Red Hat Ceph Storage 5", "fix_state" : "Affected", "package_name" : "rhceph/rhceph-5-dashboard-rhel8", "cpe" : "cpe:/a:redhat:ceph_storage:5" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "go-toolset", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "ignition", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "osbuild-composer", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "podman", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift-golang-builder-container", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "mcg", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/cephcsi-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift distributed tracing 2", "fix_state" : "Affected", "package_name" : "rhosdt/jaeger-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:2" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/gitops-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-kam", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift on AWS", "fix_state" : "Affected", "package_name" : "rosa", "cpe" : "cpe:/a:redhat:openshift_service_on_aws:1" }, { "product_name" : "Red Hat OpenStack Platform 16.2", "fix_state" : "Will not fix", "package_name" : "rhosp-rhel8-tech-preview/osp-director-operator", "cpe" : "cpe:/a:redhat:openstack:16.2" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/clair-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Not affected", "package_name" : "golang", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Not affected", "package_name" : "go-toolset-7-golang", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Storage 3", "fix_state" : "Out of support scope", "package_name" : "heketi", "cpe" : "cpe:/a:redhat:storage:3" }, { "product_name" : "Red Hat Web Terminal", "fix_state" : "Affected", "package_name" : "web-terminal-exec-container", "cpe" : "cpe:/a:redhat:webterminal:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-30633\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-30633\nhttps://go.dev/issue/53611\nhttps://groups.google.com/g/golang-announce/c/nqrv9fbR0zE" ], "name" : "CVE-2022-30633", "csaw" : false }