{ "threat_severity" : "Moderate", "public_date" : "2024-09-16T00:00:00Z", "bugzilla" : { "description" : "npm-serialize-javascript: Cross-site Scripting (XSS) in serialize-javascript", "id" : "2312579", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2312579" }, "cvss3" : { "cvss3_base_score" : "5.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-79", "details" : [ "A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.", "A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package." ], "affected_release" : [ { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2025-02-13T00:00:00Z", "advisory" : "RHSA-2025:1468", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.4.8-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.5", "release_date" : "2025-02-11T00:00:00Z", "advisory" : "RHSA-2025:1334", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.5.6-2" }, { "product_name" : "Red Hat Ceph Storage 7.1", "release_date" : "2026-02-17T00:00:00Z", "advisory" : "RHSA-2026:2769", "cpe" : "cpe:/a:redhat:ceph_storage:7.1::el8", "package" : "ceph-2:18.2.1-381.el8cp" }, { "product_name" : "Red Hat Ceph Storage 8.1", "release_date" : "2025-11-12T00:00:00Z", "advisory" : "RHSA-2025:21068", "cpe" : "cpe:/a:redhat:ceph_storage:8.1::el9", "package" : "ceph-2:19.2.1-292.el9cp" }, { "product_name" : "Red Hat Ceph Storage 9.0", "release_date" : "2026-01-29T00:00:00Z", "advisory" : "RHSA-2026:1536", "cpe" : "cpe:/a:redhat:ceph_storage:9.0::el9", "package" : "ceph-2:20.1.0-144.el10cp" }, { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2025-01-16T00:00:00Z", "advisory" : "RHSA-2025:0381", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "dotnet8.0-0:8.0.112-1.el8_10" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-01-14T00:00:00Z", "advisory" : "RHBA-2025:0304", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "dotnet8.0-0:8.0.112-1.el9_5" }, { "product_name" : "RHODF-4.14-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8551", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package" : "odf4/ocs-client-console-rhel9:v4.14.18-2" }, { "product_name" : "RHODF-4.14-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8551", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package" : "odf4/odf-console-rhel9:v4.14.18-3" }, { "product_name" : "RHODF-4.14-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8551", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.14.18-2" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8544", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/ocs-client-console-rhel9:v4.15.14-2" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8544", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-console-rhel9:v4.15.14-2" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8544", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.15.14-2" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8479", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/ocs-client-console-rhel9:v4.16.10-4" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8479", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/odf-console-rhel9:v4.16.10-4" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8479", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.16.10-3" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/ocs-client-console-rhel9:v4.17.7-2" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/odf-console-rhel9:v4.17.7-2" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8059", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.17.7-2" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/ocs-client-console-rhel9:v4.18.2-8" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/odf-console-rhel9:v4.18.2-7" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-05-06T00:00:00Z", "advisory" : "RHSA-2025:4511", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.18.2-8" }, { "product_name" : "Red Hat Ceph Storage 8", "release_date" : "2025-11-12T00:00:00Z", "advisory" : "RHSA-2025:21203", "cpe" : "cpe:/a:redhat:ceph_storage:8::el9", "package" : "rhceph/rhceph-8-rhel9:sha256:5a97e827c48732775a76e2fe25860488e773f4d8da0e0fbc51168fe30a5deb4b" }, { "product_name" : "Red Hat OpenShift Pipelines 1.14.6", "release_date" : "2025-04-14T00:00:00Z", "advisory" : "RHSA-2025:3870", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.14::el8", "package" : "openshift-pipelines/pipelines-hub-ui-rhel8:sha256:84f36fbadbbbbaa4a174850994a6bfb1ffb8f2c671f9dee83037a756c3a3cd95" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8078", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-console-plugin-rhel8:sha256:3b11a142e5018e047c185199f157089d47e86f470e9ada73d0c36cd84ae2f020" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2025-05-21T00:00:00Z", "advisory" : "RHSA-2025:8078", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-ui-rhel8:sha256:43fbd1ff1fcab53e5d4fde5daafa46795b3f2b1e14c07cc2e565b624aa8468c7" }, { "product_name" : "Red Hat OpenShift Pipelines 1.16", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8512", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.16::el8", "package" : "openshift-pipelines/pipelines-console-plugin-rhel8:sha256:15b283d200e626cc945bd5bfb71b883948e07ed70e97fd4da5dc678aae183808" }, { "product_name" : "Red Hat OpenShift Pipelines 1.16", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8512", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.16::el8", "package" : "openshift-pipelines/pipelines-hub-ui-rhel8:sha256:3fc1b957039ba40b8d5353cd624b930f2bc5c5cb47335f7eb3255a8d792a3060" }, { "product_name" : "Red Hat OpenShift Pipelines 1.17", "release_date" : "2025-06-19T00:00:00Z", "advisory" : "RHSA-2025:9294", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.17::el8", "package" : "openshift-pipelines/pipelines-console-plugin-rhel8:sha256:43f914efbabff71cd7f5dad186b461fd87a28846b33f8c8b3d2ad38fece95983" }, { "product_name" : "Red Hat OpenShift Pipelines 1.17", "release_date" : "2025-06-19T00:00:00Z", "advisory" : "RHSA-2025:9294", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.17::el8", "package" : "openshift-pipelines/pipelines-hub-ui-rhel8:sha256:31ed62e58c9d12bff8cd88a881eda9b5e68d8d416227d191228dd0d3b4af532c" }, { "product_name" : "Red Hat OpenShift Pipelines 1.18.0", "release_date" : "2025-05-27T00:00:00Z", "advisory" : "RHSA-2025:8233", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.18::el9", "package" : "openshift-pipelines/pipelines-console-plugin-rhel9:sha256:7a71e590bb448f9f6c9f1e8f8ad0396770cc015e22358d5f7b022f79f2ff01e2" }, { "product_name" : "Red Hat OpenShift Pipelines 1.19", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10853", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.19::el9", "package" : "openshift-pipelines/pipelines-console-plugin-rhel9:sha256:31eeeab213a1b603ab8c3f8253cd19c87bb45ca03e96e0461314571a7de82828" } ], "package_state" : [ { "product_name" : "Cryostat 3", "fix_state" : "Will not fix", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:cryostat:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "openshift-logging/kibana6-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Not affected", "package_name" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : ".NET 6.0 on Red Hat Enterprise Linux", "fix_state" : "Out of support scope", "package_name" : "rh-dotnet60-dotnet", "cpe" : "cpe:/a:redhat:rhel_dotnet:6.0" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Affected", "package_name" : "openshift-lightspeed-beta/lightspeed-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-api-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Affected", "package_name" : "openshift-service-mesh/kiali-ossmc-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Affected", "package_name" : "openshift-service-mesh/kiali-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp-system-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/console-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Will not fix", "package_name" : "aap-cloud-ui-container", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-25/lightspeed-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "automation-eda-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Not affected", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Affected", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat Ceph Storage 7", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/a:redhat:ceph_storage:7" }, { "product_name" : "Red Hat Ceph Storage 7", "fix_state" : "Affected", "package_name" : "libarrow", "cpe" : "cpe:/a:redhat:ceph_storage:7" }, { "product_name" : "Red Hat Ceph Storage 7", "fix_state" : "Not affected", "package_name" : "pybind", "cpe" : "cpe:/a:redhat:ceph_storage:7" }, { "product_name" : "Red Hat Ceph Storage 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/a:redhat:ceph_storage:8" }, { "product_name" : "Red Hat Ceph Storage 8", "fix_state" : "Affected", "package_name" : "pybind", "cpe" : "cpe:/a:redhat:ceph_storage:8" }, { "product_name" : "Red Hat Ceph Storage 9", "fix_state" : "Affected", "package_name" : "grafana", "cpe" : "cpe:/a:redhat:ceph_storage:9" }, { "product_name" : "Red Hat Ceph Storage 9", "fix_state" : "Affected", "package_name" : "libarrow", "cpe" : "cpe:/a:redhat:ceph_storage:9" }, { "product_name" : "Red Hat Ceph Storage 9", "fix_state" : "Affected", "package_name" : "pybind", "cpe" : "cpe:/a:redhat:ceph_storage:9" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Will not fix", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Not affected", "package_name" : "rhdh/rhdh-hub-rhel9", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Discovery 1", "fix_state" : "Affected", "package_name" : "discovery-server-container", "cpe" : "cpe:/a:redhat:discovery:1" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "dotnet8.0", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "dotnet6.0", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Out of support scope", "package_name" : "dotnet6.0", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Out of support scope", "package_name" : "dotnet7.0", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Not affected", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Not affected", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "odh-dashboard-container", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "odh-dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Will not fix", "package_name" : "odh-data-science-pipelines-argo-argoexec-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Will not fix", "package_name" : "odh-data-science-pipelines-argo-workflowcontroller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "odh-kf-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Will not fix", "package_name" : "odh-ml-pipelines-api-server-v2-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Will not fix", "package_name" : "odh-ml-pipelines-driver-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Will not fix", "package_name" : "odh-ml-pipelines-launcher-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Will not fix", "package_name" : "odh-ml-pipelines-persistenceagent-v2-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Will not fix", "package_name" : "odh-ml-pipelines-scheduledworkflow-v2-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "odh-model-registry-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "odh-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "odh-operator-container", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Will not fix", "package_name" : "openshift3/ose-console", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-monitoring-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/code-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Will not fix", "package_name" : "devspaces/dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/traefik-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Affected", "package_name" : "rhosdt/jaeger-all-in-one-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-collector-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-es-index-cleaner-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-es-rollover-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-ingester-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Affected", "package_name" : "rhosdt/jaeger-query-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Will not fix", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "nodejs-compression-webpack-plugin", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "nodejs-webpack", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Affected", "package_name" : "serialize-javascript", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Affected", "package_name" : "rhtpa/rhtpa-trustification-service-rhel9", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-11831\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11831\nhttps://github.com/yahoo/serialize-javascript/commit/f27d65d3de42affe2aac14607066c293891cec4e\nhttps://github.com/yahoo/serialize-javascript/pull/173" ], "name" : "CVE-2024-11831", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }