{ "threat_severity" : "Low", "public_date" : "2024-11-08T05:00:04Z", "bugzilla" : { "description" : "cross-spawn: regular expression denial of service", "id" : "2324550", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2324550" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1333", "details" : [ "Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string.", "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string." ], "affected_release" : [ { "product_name" : "Discovery 1 for RHEL 9", "release_date" : "2025-02-10T00:00:00Z", "advisory" : "RHSA-2025:1249", "cpe" : "cpe:/o:redhat:discovery:1.0::el9", "package" : "discovery/discovery-server-rhel9:1.12.0-1" }, { "product_name" : "Discovery 1 for RHEL 9", "release_date" : "2025-02-10T00:00:00Z", "advisory" : "RHSA-2025:1249", "cpe" : "cpe:/o:redhat:discovery:1.0::el9", "package" : "discovery/discovery-ui-rhel9:1.12.0-1" }, { "product_name" : "Red Hat Advanced Cluster Security 4.4", "release_date" : "2024-12-02T00:00:00Z", "advisory" : "RHSA-2024:10665", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.4::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.4.7-2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.5", "release_date" : "2024-11-22T00:00:00Z", "advisory" : "RHSA-2024:10186", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:4.5.5-3" }, { "product_name" : "Red Hat Developer Hub 1.3 on RHEL 9", "release_date" : "2024-12-17T00:00:00Z", "advisory" : "RHBA-2024:10760", "cpe" : "cpe:/a:redhat:rhdh:1.3::el9", "package" : "rhdh/rhdh-hub-rhel9:1.3-131" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.8", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8510", "cpe" : "cpe:/a:redhat:rhmt:1.8::el8", "package" : "rhmtc/openshift-migration-ui-rhel8:v1.8.7-2" }, { "product_name" : "Red Hat OpenShift Container Platform 4.14", "release_date" : "2024-12-19T00:00:00Z", "advisory" : "RHSA-2024:11031", "cpe" : "cpe:/a:redhat:openshift:4.14::el8", "package" : "openshift4/ose-monitoring-plugin-rhel8:v4.14.0-202412040905.p0.g4fa7043.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.15", "release_date" : "2024-12-12T00:00:00Z", "advisory" : "RHSA-2024:10839", "cpe" : "cpe:/a:redhat:openshift:4.15::el8", "package" : "openshift4/ose-monitoring-plugin-rhel8:v4.15.0-202412041605.p0.g1217bc1.assembly.stream.el8" }, { "product_name" : "Red Hat OpenShift Container Platform 4.16", "release_date" : "2024-12-12T00:00:00Z", "advisory" : "RHSA-2024:10823", "cpe" : "cpe:/a:redhat:openshift:4.16::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:v4.16.0-202412040032.p0.g6cfc2c8.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2024-12-03T00:00:00Z", "advisory" : "RHSA-2024:10518", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:v4.17.0-202411261404.p0.gad057d3.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2024-12-03T00:00:00Z", "advisory" : "RHSA-2024:10518", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-networking-console-plugin-rhel9:v4.17.0-202411261204.p0.gfa9e6b0.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2025-02-05T00:00:00Z", "advisory" : "RHSA-2025:0875", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/nmstate-console-plugin-rhel9:v4.17.0-202501301204.p0.gcffdc60.assembly.stream.el9" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3 Containers", "release_date" : "2025-02-03T00:00:00Z", "advisory" : "RHSA-2025:0892", "cpe" : "cpe:/a:redhat:openshift_devspaces:3::el9", "package" : "devspaces/code-rhel9:3.18-6" }, { "product_name" : "Red Hat OpenShift Dev Spaces 3 Containers", "release_date" : "2025-02-03T00:00:00Z", "advisory" : "RHSA-2025:0892", "cpe" : "cpe:/a:redhat:openshift_devspaces:3::el9", "package" : "devspaces/dashboard-rhel9:3.18-10" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date" : "2024-12-10T00:00:00Z", "advisory" : "RHSA-2024:10907", "cpe" : "cpe:/a:redhat:service_mesh:2.4::el8", "package" : "openshift-service-mesh/grafana-rhel8:2.4.13-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date" : "2024-12-10T00:00:00Z", "advisory" : "RHSA-2024:10907", "cpe" : "cpe:/a:redhat:service_mesh:2.4::el8", "package" : "openshift-service-mesh/istio-cni-rhel8:2.4.13-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date" : "2024-12-10T00:00:00Z", "advisory" : "RHSA-2024:10907", "cpe" : "cpe:/a:redhat:service_mesh:2.4::el8", "package" : "openshift-service-mesh/kiali-rhel8:1.65.18-1" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date" : "2024-12-10T00:00:00Z", "advisory" : "RHSA-2024:10907", "cpe" : "cpe:/a:redhat:service_mesh:2.4::el8", "package" : "openshift-service-mesh/pilot-rhel8:2.4.13-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date" : "2024-12-10T00:00:00Z", "advisory" : "RHSA-2024:10907", "cpe" : "cpe:/a:redhat:service_mesh:2.4::el8", "package" : "openshift-service-mesh/proxyv2-rhel8:2.4.13-4" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date" : "2024-12-10T00:00:00Z", "advisory" : "RHSA-2024:10907", "cpe" : "cpe:/a:redhat:service_mesh:2.4::el8", "package" : "openshift-service-mesh/ratelimit-rhel8:2.4.13-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-12-10T00:00:00Z", "advisory" : "RHSA-2024:10908", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/kiali-ossmc-rhel8:1.73.16-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date" : "2024-12-10T00:00:00Z", "advisory" : "RHSA-2024:10908", "cpe" : "cpe:/a:redhat:service_mesh:2.5::el8", "package" : "openshift-service-mesh/kiali-rhel8:1.73.17-1" }, { "product_name" : "RHODF-4.14-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8551", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package" : "odf4/ocs-client-console-rhel9:v4.14.18-2" }, { "product_name" : "RHODF-4.14-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8551", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package" : "odf4/odf-console-rhel9:v4.14.18-3" }, { "product_name" : "RHODF-4.14-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8551", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.14.18-2" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2025-01-09T00:00:00Z", "advisory" : "RHSA-2025:0164", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/mcg-core-rhel9:v4.15.9-1" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8544", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/ocs-client-console-rhel9:v4.15.14-2" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8544", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-console-rhel9:v4.15.14-2" }, { "product_name" : "RHODF-4.15-RHEL-9", "release_date" : "2025-06-04T00:00:00Z", "advisory" : "RHSA-2025:8544", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.15.14-2" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2024-12-17T00:00:00Z", "advisory" : "RHSA-2024:11292", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/mcg-core-rhel9:v4.16.4-2" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2025-01-08T00:00:00Z", "advisory" : "RHSA-2025:0082", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/ocs-client-console-rhel9:v4.16.5-2" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2025-01-08T00:00:00Z", "advisory" : "RHSA-2025:0082", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/odf-console-rhel9:v4.16.5-2" }, { "product_name" : "RHODF-4.16-RHEL-9", "release_date" : "2025-01-08T00:00:00Z", "advisory" : "RHSA-2025:0082", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.16.5-2" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2024-12-12T00:00:00Z", "advisory" : "RHSA-2024:10986", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/mcg-core-rhel9:v4.17.1-2" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-01-08T00:00:00Z", "advisory" : "RHSA-2025:0079", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/ocs-client-console-rhel9:v4.17.2-1" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-01-08T00:00:00Z", "advisory" : "RHSA-2025:0079", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/odf-console-rhel9:v4.17.2-1" }, { "product_name" : "RHODF-4.17-RHEL-9", "release_date" : "2025-01-08T00:00:00Z", "advisory" : "RHSA-2025:0079", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.17.2-1" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2652", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/ocs-client-console-rhel9:v4.18.0-65" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2652", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/odf-console-rhel9:v4.18.0-65" }, { "product_name" : "RHODF-4.18-RHEL-9", "release_date" : "2025-03-11T00:00:00Z", "advisory" : "RHSA-2025:2652", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package" : "odf4/odf-multicluster-console-rhel9:v4.18.0-64" }, { "product_name" : "Red Hat Developer Hub (RHDH) 1.4", "release_date" : "2024-12-17T00:00:00Z", "advisory" : "RHBA-2024:11265", "cpe" : "cpe:/a:redhat:rhdh:1.4::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-27T00:00:00Z", "advisory" : "RHSA-2025:3368", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-dashboard-rhel8:sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee" }, { "product_name" : "Red Hat OpenShift AI 2.16", "release_date" : "2025-03-31T00:00:00Z", "advisory" : "RHSA-2025:3397", "cpe" : "cpe:/a:redhat:openshift_ai:2.16::el8", "package" : "rhoai/odh-dashboard-rhel8:sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee" }, { "product_name" : "Red Hat OpenShift AI 2.17", "release_date" : "2025-02-13T00:00:00Z", "advisory" : "RHSA-2025:1448", "cpe" : "cpe:/a:redhat:openshift_ai:2.17::el8", "package" : "rhoai/odh-dashboard-rhel8:sha256:e19276083d932dad46be57674cadf2757a4eeb5d1e2cc2b4ae650e0c8d2c1b02" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.1", "release_date" : "2025-02-11T00:00:00Z", "advisory" : "RHSA-2025:1286", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.1::el9", "package" : "rhtas/rekor-search-ui-rhel9:sha256:ab85e4f3fe88f7c6a376445273ce5b76c10dc805e438314fbab6d668e75ed53d" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.1", "release_date" : "2025-02-11T00:00:00Z", "advisory" : "RHSA-2025:1321", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.1::el9", "package" : "rhtas/rekor-search-ui-rhel9:sha256:39220599ff9bbcd77ca8188a9c2c2cd75aa914b623bfc5ed01b6d0c607a833b9" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.1", "release_date" : "2025-02-25T00:00:00Z", "advisory" : "RHSA-2025:1842", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.1::el9", "package" : "rhtas/rekor-search-ui-rhel9:sha256:1432b47ddd881eb1909453e939c791825e7853b4abc00a12dddd948f99022ab3" }, { "product_name" : "Red Hat Trusted Profile Analyzer 1.2", "release_date" : "2024-12-17T00:00:00Z", "advisory" : "RHSA-2024:11255", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", "package" : "rhtpa/rhtpa-trustification-service-rhel9:sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe" }, { "product_name" : "Red Hat Trusted Profile Analyzer 1.2", "release_date" : "2024-12-17T00:00:00Z", "advisory" : "RHSA-2024:11256", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", "package" : "rhtpa/rhtpa-guac-rhel9:sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30" } ], "package_state" : [ { "product_name" : "Cryostat 3", "fix_state" : "Affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:cryostat:3" }, { "product_name" : "Migration Toolkit for Applications 7", "fix_state" : "Not affected", "package_name" : "mta/mta-cli-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:7" }, { "product_name" : "Migration Toolkit for Applications 7", "fix_state" : "Fix deferred", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:7" }, { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Not affected", "package_name" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Not affected", "package_name" : "multicluster-engine/console-mce-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Not affected", "package_name" : "multicluster-engine/multicluster-engine-console-mce-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Network Observability Operator", "fix_state" : "Fix deferred", "package_name" : "network-observability/network-observability-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Fix deferred", "package_name" : "workload-availability/node-remediation-console-rhel8", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Affected", "package_name" : "openshift-lightspeed-tech-preview/lightspeed-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Fix deferred", "package_name" : "openshift-pipelines/pipelines-hub-api-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Fix deferred", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Fix deferred", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Fix deferred", "package_name" : "3scale-amp-system-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/console-rhel8", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "aap-cloud-ui-container", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/lightspeed-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-eda-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-gateway", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Not affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Not affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat Build of Keycloak", "fix_state" : "Fix deferred", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:build_keycloak:" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat Connectivity Link 1", "fix_state" : "Affected", "package_name" : "rhcl-console-plugin-container", "cpe" : "cpe:/a:redhat:connectivity_link:1" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Not affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Fix deferred", "package_name" : "nodejs22", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "nodejs:18/nodejs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "nodejs:20/nodejs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "nodejs:20/nodejs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "nodejs:22/nodejs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Not affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Not affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Fix deferred", "package_name" : "rhods/odh-dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/traefik-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-all-in-one-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-collector-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-es-index-cleaner-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-es-rollover-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/jaeger-ingester-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Affected", "package_name" : "rhosdt/jaeger-query-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/argocd-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/argocd-rhel9", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Fix deferred", "package_name" : "openshift-gitops-1/argo-rollouts-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Fix deferred", "package_name" : "container-native-virtualization/kubevirt-console-plugin", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Affected", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "nodejs-node-sass", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Not affected", "package_name" : "nodejs-webpack-cli", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Fix deferred", "package_name" : "cross-spawn", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/fulcio-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-21538\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21538\nhttps://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff\nhttps://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f\nhttps://github.com/moxystudio/node-cross-spawn/pull/160\nhttps://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230" ], "name" : "CVE-2024-21538", "csaw" : false }