{
  "threat_severity" : "Important",
  "public_date" : "2025-03-28T00:00:00Z",
  "bugzilla" : {
    "description" : "redoc: Prototype Pollution in redoc",
    "id" : "2355865",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2355865"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-1321",
  "details" : [ "A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc <= 2.2.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.", "A flaw was found in redoc. This vulnerability can allow an attacker to cause a Denial of Service (DoS) via supplying a crafted payload." ],
  "statement" : "This vulnerability is rated as Important severity because it allows attackers to exploit a prototype pollution issue in the Module.mergeObjects method by crafting a malicious payload. An attacker can alter the built-in Object.prototype and cause a Denial of Service (DoS) condition, which leads to system instability and impacts the availability of the affected system.",
  "affected_release" : [ {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-central-db-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-collector-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-collector-slim-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-main-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-operator-bundle:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-rhel8-operator:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.5",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3928",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.5::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.5.9-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-central-db-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-collector-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-collector-slim-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-main-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-operator-bundle:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-rhel8-operator:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.6",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3929",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.6::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.6.5-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-central-db-rhel8:4.7.2-2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-collector-rhel8:4.7.2-2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-main-rhel8:4.7.2-3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-operator-bundle:4.7.2-4"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-rhel8-operator:4.7.2-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-roxctl-rhel8:4.7.2-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-db-rhel8:4.7.2-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.7.2-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-rhel8:4.7.2-2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.7.2-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.7.2-1"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4.7",
    "release_date" : "2025-04-15T00:00:00Z",
    "advisory" : "RHSA-2025:3930",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8",
    "package" : "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.7.2-3"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/argocd-rhel8:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/argocd-rhel9:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/argo-rollouts-rhel8:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/console-plugin-rhel8:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/dex-rhel8:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/gitops-operator-bundle:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/gitops-rhel8:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/kam-delivery-rhel8:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.14",
    "release_date" : "2025-05-28T00:00:00Z",
    "advisory" : "RHSA-2025:8274",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.14::el8",
    "package" : "openshift-gitops-1/must-gather-rhel8:v1.14.4-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/argocd-extensions-rhel8:v1.15.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/argocd-rhel8:v1.15.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/argocd-rhel9:v1.15.2-1"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/argo-rollouts-rhel8:v1.15.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/console-plugin-rhel8:v1.15.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/dex-rhel8:v1.15.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/gitops-operator-bundle:v1.15.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/gitops-rhel8:v1.15.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/gitops-rhel8-operator:v1.15.2-4"
  }, {
    "product_name" : "Red Hat OpenShift GitOps 1.15",
    "release_date" : "2025-05-15T00:00:00Z",
    "advisory" : "RHSA-2025:7753",
    "cpe" : "cpe:/a:redhat:openshift_gitops:1.15::el8",
    "package" : "openshift-gitops-1/must-gather-rhel8:v1.15.2-4"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat build of Apicurio Registry 2",
    "fix_state" : "Affected",
    "package_name" : "io.apicurio-apicurio-registry",
    "cpe" : "cpe:/a:redhat:service_registry:2"
  }, {
    "product_name" : "Red Hat Integration Camel K 1",
    "fix_state" : "Will not fix",
    "package_name" : "io.apicurio-apicurio-registry",
    "cpe" : "cpe:/a:redhat:integration:1"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-57083\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-57083\nhttps://github.com/Redocly/redoc/issues/2499" ],
  "name" : "CVE-2024-57083",
  "csaw" : false
}