{ "threat_severity" : "Moderate", "public_date" : "2024-03-04T00:00:00Z", "bugzilla" : { "description" : "braces: fails to limit the number of characters it can handle", "id" : "2280600", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2280600" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-1050", "details" : [ "The NPM package `braces`, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.", "A flaw was found in the NPM package `braces.` It fails to limit the number of characters it can handle, which could lead to memory exhaustion. In `lib/parse.js,` if a malicious user sends \"imbalanced braces\" as input, the parsing will enter a loop, causing the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash." ], "affected_release" : [ { "product_name" : "HawtIO 4.0.0 for Red Hat build of Apache Camel 4", "release_date" : "2024-12-12T00:00:00Z", "advisory" : "RHSA-2024:11023", "cpe" : "cpe:/a:redhat:rhboac_hawtio:4.0.0" }, { "product_name" : "multicluster engine for Kubernetes 2.4 for RHEL 8", "release_date" : "2024-06-03T00:00:00Z", "advisory" : "RHBA-2024:3555", "cpe" : "cpe:/a:redhat:multicluster_engine:2.4::el8", "package" : "multicluster-engine/console-mce-rhel8:v2.4.5-25" }, { "product_name" : "multicluster engine for Kubernetes 2.4 for RHEL 8", "release_date" : "2024-06-03T00:00:00Z", "advisory" : "RHBA-2024:3555", "cpe" : "cpe:/a:redhat:multicluster_engine:2.4::el8", "package" : "multicluster-engine/multicluster-engine-console-mce-rhel8:v2.4.5-25" }, { "product_name" : "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date" : "2024-07-10T00:00:00Z", "advisory" : "RHBA-2024:4458", "cpe" : "cpe:/a:redhat:multicluster_engine:2.5::el8", "package" : "multicluster-engine/console-mce-rhel9:v2.5.5-1" }, { "product_name" : "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date" : "2024-07-10T00:00:00Z", "advisory" : "RHBA-2024:4458", "cpe" : "cpe:/a:redhat:multicluster_engine:2.5::el8", "package" : "multicluster-engine/multicluster-engine-console-mce-rhel9:v2.5.5-1" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date" : "2024-07-10T00:00:00Z", "advisory" : "RHSA-2024:4464", "cpe" : "cpe:/a:redhat:acm:2.10::el9", "package" : "rhacm2/console-rhel9:v2.10.4-13" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8", "release_date" : "2024-06-04T00:00:00Z", "advisory" : "RHBA-2024:3593", "cpe" : "cpe:/a:redhat:acm:2.9::el8", "package" : "rhacm2/console-rhel8:v2.9.4-22" }, { "product_name" : "Red Hat Developer Hub 1.3 on RHEL 9", "release_date" : "2024-10-02T00:00:00Z", "advisory" : "RHBA-2024:7523", "cpe" : "cpe:/a:redhat:rhdh:1.3::el9", "package" : "rhdh/rhdh-hub-rhel9:1.3-100" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jsoup-0:1.15.4-1.redhat_00003.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8076", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jsoup-0:1.15.4-1.redhat_00003.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8077", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hal-console-0:3.3.24-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hibernate-validator-0:6.0.23-2.SP1_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-insights-java-client-0:1.1.3-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-ironjacamar-0:1.5.18-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-ejb-client-0:4.0.55-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-server-migration-0:1.10.0-39.Final_redhat_00039.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jbossws-cxf-0:5.4.12-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jsoup-0:1.15.4-1.redhat_00003.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-undertow-jastow-0:2.0.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-0:7.4.19-1.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8075", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-xalan-j2-0:2.7.1-37.redhat_00015.1.el7eap" }, { "product_name" : "Red Hat Migration Toolkit for Containers 1.8", "release_date" : "2024-09-26T00:00:00Z", "advisory" : "RHSA-2024:7164", "cpe" : "cpe:/a:redhat:rhmt:1.8::el8", "package" : "rhmtc/openshift-migration-ui-rhel8:v1.8.4-10" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/grafana-rhel8:2.6.1-6" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/istio-cni-rhel8:2.6.1-7" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/istio-must-gather-rhel8:2.6.1-4" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/istio-rhel8-operator:2.6.1-9" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-ossmc-rhel8:1.89.0-2" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-rhel8:1.89.1-3" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-rhel8-operator:1.89.1-1" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/pilot-rhel8:2.6.1-7" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/ratelimit-rhel8:2.6.1-6" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6 for RHEL 9", "release_date" : "2024-09-03T00:00:00Z", "advisory" : "RHSA-2024:6211", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el9", "package" : "openshift-service-mesh/proxyv2-rhel9:2.6.1-4" } ], "package_state" : [ { "product_name" : "Cryostat 2", "fix_state" : "Affected", "package_name" : "braces", "cpe" : "cpe:/a:redhat:cryostat:2" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Under investigation", "package_name" : "openshift-logging/kibana6-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Under investigation", "package_name" : "openshift-logging/logging-view-plugin-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Migration Toolkit for Applications 7", "fix_state" : "Not affected", "package_name" : "mta/mta-cli-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:7" }, { "product_name" : "Migration Toolkit for Applications 7", "fix_state" : "Will not fix", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:7" }, { "product_name" : "Migration Toolkit for Runtimes", "fix_state" : "Affected", "package_name" : "braces", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1" }, { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Affected", "package_name" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "Network Observability Operator", "fix_state" : "Will not fix", "package_name" : "network-observability/network-observability-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Will not fix", "package_name" : "workload-availability/node-remediation-console-rhel8", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Under investigation", "package_name" : "openshift-pipelines/pipelines-console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Under investigation", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp-system-container", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Security 3", "fix_state" : "Under investigation", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:3" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Under investigation", "package_name" : "advanced-cluster-security/rhacs-main-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "aap-cloud-ui-container", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "ansible-automation-platform-25/lightspeed-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Affected", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-eda-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "braces", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat Build of Keycloak", "fix_state" : "Affected", "package_name" : "braces", "cpe" : "cpe:/a:redhat:build_keycloak:" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Discovery 1", "fix_state" : "Will not fix", "package_name" : "discovery-server-container", "cpe" : "cpe:/a:redhat:discovery:1" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "nodejs-nodemon", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "mozjs60", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "nodejs:18/nodejs-nodemon", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "nodejs:20/nodejs-nodemon", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Will not fix", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "gjs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "nodejs:20/nodejs-nodemon", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "nodejs:22/nodejs-nodemon", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Will not fix", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "polkit", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Out of support scope", "package_name" : "braces", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Out of support scope", "package_name" : "braces", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Fix deferred", "package_name" : "braces", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat OpenShift Container Platform 3.11", "fix_state" : "Under investigation", "package_name" : "openshift3/ose-console", "cpe" : "cpe:/a:redhat:openshift:3.11" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/nmstate-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-monitoring-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-networking-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Container Storage 4", "fix_state" : "Affected", "package_name" : "ocs4/mcg-core-rhel8", "cpe" : "cpe:/a:redhat:openshift_container_storage:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/mcg-core-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-console-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Affected", "package_name" : "rhods/odh-dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Affected", "package_name" : "rhods/odh-operator-rhel8", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Data Science (RHODS)", "fix_state" : "Affected", "package_name" : "rhods/odh-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_data_science" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Under investigation", "package_name" : "devspaces/code-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 2", "fix_state" : "Will not fix", "package_name" : "rhosdt/jaeger-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:2" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Will not fix", "package_name" : "rhosdt/jaeger-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/argocd-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argo-rollouts-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Affected", "package_name" : "openshift-gitops-1/console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Under investigation", "package_name" : "openshift-gitops-1/gitops-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/kubevirt-console-plugin", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Will not fix", "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Quay 3", "fix_state" : "Under investigation", "package_name" : "quay/quay-rhel8", "cpe" : "cpe:/a:redhat:quay:3" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "nodejs-webpack", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Will not fix", "package_name" : "satellite:el8/rubygem-rabl", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Will not fix", "package_name" : "braces", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-nodejs14-nodejs-nodemon", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-4068\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-4068\nhttps://devhub.checkmarx.com/cve-details/CVE-2024-4068/\nhttps://github.com/micromatch/braces/blob/98414f9f1fabe021736e26836d8306d5de747e0d/lib/parse.js#L308\nhttps://github.com/micromatch/braces/issues/35" ], "name" : "CVE-2024-4068", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }