{ "threat_severity" : "Moderate", "public_date" : "2022-08-29T00:00:00Z", "bugzilla" : { "description" : "jsoup: The jsoup cleaner may incorrectly sanitize crafted XSS attempts if SafeList.preserveRelativeLinks is enabled", "id" : "2127078", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2127078" }, "cvss3" : { "cvss3_base_score" : "6.1", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-79", "details" : [ "jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)", "A flaw was found in jsoup, a Java HTML parser built for HTML editing, cleaning, scraping, and Cross-site scripting (XSS) safety. An issue in jsoup may incorrectly sanitize HTML, including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML, including `javascript:` URLs crafted with control characters, will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is possible." ], "affected_release" : [ { "product_name" : "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date" : "2024-09-12T00:00:00Z", "advisory" : "RHSA-2024:6656", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package" : "mtr/mtr-operator-bundle:1.2-27" }, { "product_name" : "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date" : "2024-09-12T00:00:00Z", "advisory" : "RHSA-2024:6656", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package" : "mtr/mtr-rhel8-operator:1.2-17" }, { "product_name" : "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date" : "2024-09-12T00:00:00Z", "advisory" : "RHSA-2024:6656", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package" : "mtr/mtr-web-container-rhel8:1.2-19" }, { "product_name" : "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date" : "2024-09-12T00:00:00Z", "advisory" : "RHSA-2024:6656", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package" : "mtr/mtr-web-executor-container-rhel8:1.2-17" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8080", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "org.jsoup/jsoup" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jsoup-0:1.15.4-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jsoup-0:1.15.4-1.redhat_00003.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jsoup-0:1.15.4-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el7eap" } ], "package_state" : [ { "product_name" : "A-MQ Clients 2", "fix_state" : "Will not fix", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:a_mq_clients:2" }, { "product_name" : "Cryostat 3", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:cryostat:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Migration Toolkit for Applications 6", "fix_state" : "Will not fix", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat AMQ Clients", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:amq_clients:2023" }, { "product_name" : "Red Hat build of Apache Camel 4 for Quarkus 3", "fix_state" : "Will not fix", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:camel_quarkus:3" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 3", "fix_state" : "Affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:camel_spring_boot:3" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 4", "fix_state" : "Will not fix", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:camel_spring_boot:4" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of Debezium 2", "fix_state" : "Affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:debezium:2" }, { "product_name" : "Red Hat Build of Keycloak", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:build_keycloak:" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:quarkus:3" }, { "product_name" : "Red Hat build of Quarkus Native builder", "fix_state" : "Affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:quarkus:3" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "jsoup", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "maven:3.6/jsoup", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "jsoup", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Will not fix", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Will not fix", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 6", "fix_state" : "Out of support scope", "package_name" : "jsoup", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Web Server 6", "fix_state" : "Not affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:6" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Will not fix", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "jsoup", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-maven36-jsoup", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Affected", "package_name" : "org.jsoup/jsoup", "cpe" : "cpe:/a:redhat:amq_streams:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-36033\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-36033" ], "name" : "CVE-2022-36033", "csaw" : false }