cve-2020-7656
Vulnerability from cvelistv5
Published
2020-05-19 00:00
Modified
2024-08-04 09:33
Summary
jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e., "</script >", which results in the enclosed script logic being executed.
References
Source | URL | Tags
---|---|---
report@snyk.io | https://security.netapp.com/advisory/ntap-20200528-0001/ | Third Party Advisory
report@snyk.io | https://snyk.io/vuln/SNYK-JS-JQUERY-569619 | Exploit, Third Party Advisory
report@snyk.io | https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US | Third Party Advisory
report@snyk.io | https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory
rhsa-2020_4211
Vulnerability from csaf_redhat
Published
2020-10-08 07:01
Modified
2025-03-25 16:58
Summary
Red Hat Security Advisory: Red Hat AMQ Interconnect 1.9.0 release and security update
Notes
Topic
Red Hat AMQ Interconnect 1.9.0 release packages are available for A-MQ Interconnect on RHEL 6, 7, and 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat AMQ Interconnect is a component of the AMQ 7 product family. AMQ Interconnect provides flexible routing of messages between AMQP-enabled endpoints, whether they are clients, servers, brokers, or any other entity that can send or receive standard AMQP messages.
This release of Red Hat AMQ Interconnect 1.9.0 serves as a replacement for Red Hat AMQ Interconnect 1.8.0 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* jQuery: allows XSS via the load method (CVE-2020-7656)
* jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
* jQuery: passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgements, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch" }, "product_reference": "qpid-dispatch-console-0:1.13.0-3.el7.noarch", "relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1", "product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64" }, "product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1", "product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch" }, "product_reference": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1", "product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64" }, "product_reference": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1", "product_id": "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch" }, "product_reference": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "relates_to_product_reference": "7Server-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-0:1.13.0-3.el7.src as a component of Red Hat AMQ Interconnect 1", "product_id": 
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src" }, "product_reference": "qpid-dispatch-0:1.13.0-3.el7.src", "relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-console-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1", "product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch" }, "product_reference": "qpid-dispatch-console-0:1.13.0-3.el7.noarch", "relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1", "product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64" }, "product_reference": "qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1", "product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch" }, "product_reference": "qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64 as a component of Red Hat AMQ Interconnect 1", "product_id": "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64" }, "product_reference": "qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch as a component of Red Hat AMQ Interconnect 1", "product_id": 
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch" }, "product_reference": "qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "relates_to_product_reference": "7Workstation-RH7-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-0:1.13.0-3.el8.src as a component of Red Hat AMQ Interconnect 1", "product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src" }, "product_reference": "qpid-dispatch-0:1.13.0-3.el8.src", "relates_to_product_reference": "8Base-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-console-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1", "product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch" }, "product_reference": "qpid-dispatch-console-0:1.13.0-3.el8.noarch", "relates_to_product_reference": "8Base-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1", "product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64" }, "product_reference": "qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "relates_to_product_reference": "8Base-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1", "product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch" }, "product_reference": "qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "relates_to_product_reference": "8Base-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-router-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1", "product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64" }, "product_reference": 
"qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "relates_to_product_reference": "8Base-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64 as a component of Red Hat AMQ Interconnect 1", "product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64" }, "product_reference": "qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "relates_to_product_reference": "8Base-A-MQ-Interconnect-1" }, { "category": "default_component_of", "full_product_name": { "name": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch as a component of Red Hat AMQ Interconnect 1", "product_id": "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" }, "product_reference": "qpid-dispatch-tools-0:1.13.0-3.el8.noarch", "relates_to_product_reference": "8Base-A-MQ-Interconnect-1" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7656", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850119" } ], "notes": [ { "category": "description", "text": "A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux version 6, 7 and 8 ship a vulnerable version of JQuery in the `pcs` component. 
However the vulnerable has not been found to be exploitable in reasonable scenarios. A future update may update JQuery to a fixed version.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", 
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", 
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7656" }, { "category": "external", "summary": "RHBZ#1850119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7656", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7656" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656" } ], "release_date": "2020-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-08T07:01:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", 
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", 
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4211" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ 
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", 
"7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": 
"Moderate" } ], "title": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces" }, { "cve": "CVE-2020-11022", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-04-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1828406" } ], "notes": [ { "category": "description", "text": "A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the \u2018HTML\u2019 function to inject Javascript into the page where that input is rendered, and have it delivered by the browser.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method", "title": "Vulnerability summary" }, { "category": "other", "text": "No supported release of Red Hat OpenStack Platform is affected by this vulnerability as no shipped packages contain the vulnerable code.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", 
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", 
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11022" }, { "category": "external", "summary": "RHBZ#1828406", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1828406" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11022", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11022" }, { "category": "external", "summary": 
"https://github.com/advisories/GHSA-gxr4-xjj5-5px2", "url": "https://github.com/advisories/GHSA-gxr4-xjj5-5px2" } ], "release_date": "2020-04-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-08T07:01:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", 
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", 
"8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4211" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", 
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", 
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. 
The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", 
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", 
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": 
"https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-10-08T07:01:31+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", 
"6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", 
"7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:4211" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", 
"6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", 
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", 
"6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6ComputeNode-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Server-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el6_10.src", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el6_10.noarch", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.i686", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el6_10.x86_64", "6Workstation-RH6-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el6_10.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7ComputeNode-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", 
"7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Server-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el7.src", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-debuginfo-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el7.noarch", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el7.x86_64", "7Workstation-RH7-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el7.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-0:1.13.0-3.el8.src", "8Base-A-MQ-Interconnect-1:qpid-dispatch-console-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-debugsource-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-docs-0:1.13.0-3.el8.noarch", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-router-debuginfo-0:1.13.0-3.el8.x86_64", "8Base-A-MQ-Interconnect-1:qpid-dispatch-tools-0:1.13.0-3.el8.noarch" ] } ], "threats": [ { "category": "exploit_status", "date": "2025-01-23T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" } ] }
rhsa-2021_4142
Vulnerability from csaf_redhat
Published
2021-11-09 17:49
Modified
2025-03-25 16:58
Summary
Red Hat Security Advisory: pcs security, bug fix, and enhancement update
Notes
Topic
An update for pcs is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
The following packages have been upgraded to a later upstream version: pcs (0.10.10). (BZ#1935594)
Security Fix(es):
* jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces (CVE-2020-7656)
* jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for pcs is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.\n\nThe following packages have been upgraded to a later upstream version: pcs (0.10.10). (BZ#1935594)\n\nSecurity Fix(es):\n\n* jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces (CVE-2020-7656)\n\n* jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods (CVE-2020-11023)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2021:4142", "url": "https://access.redhat.com/errata/RHSA-2021:4142" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/" }, { "category": "external", "summary": "1290830", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290830" }, { "category": "external", "summary": "1432097", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432097" }, { "category": "external", "summary": "1678273", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1678273" }, { "category": "external", "summary": "1690419", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1690419" }, { "category": "external", "summary": "1720221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1720221" }, { "category": "external", "summary": "1759995", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1759995" }, { "category": "external", "summary": "1841019", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1841019" }, { "category": "external", "summary": "1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": "1850119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119" }, { "category": 
"external", "summary": "1854238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1854238" }, { "category": "external", "summary": "1872378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872378" }, { "category": "external", "summary": "1885293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885293" }, { "category": "external", "summary": "1885302", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1885302" }, { "category": "external", "summary": "1896458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1896458" }, { "category": "external", "summary": "1909901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1909901" }, { "category": "external", "summary": "1922996", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1922996" }, { "category": "external", "summary": "1927384", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927384" }, { "category": "external", "summary": "1927394", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927394" }, { "category": "external", "summary": "1930886", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1930886" }, { "category": "external", "summary": "1935594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935594" }, { "category": "external", "summary": "1984901", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984901" }, { "category": "external", "summary": "1991654", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991654" }, { "category": "external", "summary": "1992668", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1992668" }, { "category": "external", "summary": "1998454", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1998454" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_4142.json" } ], "title": "Red Hat Security Advisory: pcs security, bug fix, and enhancement update", "tracking": { "current_release_date": "2025-03-25T16:58:45+00:00", "generator": { "date": 
"2025-03-25T16:58:45+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.4.1" } }, "id": "RHSA-2021:4142", "initial_release_date": "2021-11-09T17:49:34+00:00", "revision_history": [ { "date": "2021-11-09T17:49:34+00:00", "number": "1", "summary": "Initial version" }, { "date": "2021-11-09T17:49:34+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-03-25T16:58:45+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux High Availability (v. 8)", "product": { "name": "Red Hat Enterprise Linux High Availability (v. 8)", "product_id": "HighAvailability-8.5.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::highavailability" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Resilient Storage (v. 8)", "product": { "name": "Red Hat Enterprise Linux Resilient Storage (v. 
8)", "product_id": "ResilientStorage-8.5.0.GA", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::resilientstorage" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.10.10-4.el8.src", "product": { "name": "pcs-0:0.10.10-4.el8.src", "product_id": "pcs-0:0.10.10-4.el8.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.10.10-4.el8.aarch64", "product": { "name": "pcs-0:0.10.10-4.el8.aarch64", "product_id": "pcs-0:0.10.10-4.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=aarch64" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.10.10-4.el8.aarch64", "product": { "name": "pcs-snmp-0:0.10.10-4.el8.aarch64", "product_id": "pcs-snmp-0:0.10.10-4.el8.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.10.10-4.el8.ppc64le", "product": { "name": "pcs-0:0.10.10-4.el8.ppc64le", "product_id": "pcs-0:0.10.10-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=ppc64le" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.10.10-4.el8.ppc64le", "product": { "name": "pcs-snmp-0:0.10.10-4.el8.ppc64le", "product_id": "pcs-snmp-0:0.10.10-4.el8.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.10.10-4.el8.x86_64", "product": { "name": "pcs-0:0.10.10-4.el8.x86_64", "product_id": "pcs-0:0.10.10-4.el8.x86_64", "product_identification_helper": { 
"purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=x86_64" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.10.10-4.el8.x86_64", "product": { "name": "pcs-snmp-0:0.10.10-4.el8.x86_64", "product_id": "pcs-snmp-0:0.10.10-4.el8.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "pcs-0:0.10.10-4.el8.s390x", "product": { "name": "pcs-0:0.10.10-4.el8.s390x", "product_id": "pcs-0:0.10.10-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs@0.10.10-4.el8?arch=s390x" } } }, { "category": "product_version", "name": "pcs-snmp-0:0.10.10-4.el8.s390x", "product": { "name": "pcs-snmp-0:0.10.10-4.el8.s390x", "product_id": "pcs-snmp-0:0.10.10-4.el8.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/pcs-snmp@0.10.10-4.el8?arch=s390x" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 8)", "product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64" }, "product_reference": "pcs-0:0.10.10-4.el8.aarch64", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 8)", "product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le" }, "product_reference": "pcs-0:0.10.10-4.el8.ppc64le", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux High Availability (v. 
8)", "product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x" }, "product_reference": "pcs-0:0.10.10-4.el8.s390x", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.src as a component of Red Hat Enterprise Linux High Availability (v. 8)", "product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src" }, "product_reference": "pcs-0:0.10.10-4.el8.src", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 8)", "product_id": "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64" }, "product_reference": "pcs-0:0.10.10-4.el8.x86_64", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux High Availability (v. 8)", "product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64" }, "product_reference": "pcs-snmp-0:0.10.10-4.el8.aarch64", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux High Availability (v. 8)", "product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le" }, "product_reference": "pcs-snmp-0:0.10.10-4.el8.ppc64le", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux High Availability (v. 
8)", "product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x" }, "product_reference": "pcs-snmp-0:0.10.10-4.el8.s390x", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux High Availability (v. 8)", "product_id": "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" }, "product_reference": "pcs-snmp-0:0.10.10-4.el8.x86_64", "relates_to_product_reference": "HighAvailability-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64" }, "product_reference": "pcs-0:0.10.10-4.el8.aarch64", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le" }, "product_reference": "pcs-0:0.10.10-4.el8.ppc64le", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x" }, "product_reference": "pcs-0:0.10.10-4.el8.s390x", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.src as a component of Red Hat Enterprise Linux Resilient Storage (v. 
8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src" }, "product_reference": "pcs-0:0.10.10-4.el8.src", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64" }, "product_reference": "pcs-0:0.10.10-4.el8.x86_64", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.10.10-4.el8.aarch64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64" }, "product_reference": "pcs-snmp-0:0.10.10-4.el8.aarch64", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.10.10-4.el8.ppc64le as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le" }, "product_reference": "pcs-snmp-0:0.10.10-4.el8.ppc64le", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.10.10-4.el8.s390x as a component of Red Hat Enterprise Linux Resilient Storage (v. 8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x" }, "product_reference": "pcs-snmp-0:0.10.10-4.el8.s390x", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" }, { "category": "default_component_of", "full_product_name": { "name": "pcs-snmp-0:0.10.10-4.el8.x86_64 as a component of Red Hat Enterprise Linux Resilient Storage (v. 
8)", "product_id": "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" }, "product_reference": "pcs-snmp-0:0.10.10-4.el8.x86_64", "relates_to_product_reference": "ResilientStorage-8.5.0.GA" } ] }, "vulnerabilities": [ { "cve": "CVE-2019-11358", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2019-03-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1701972" } ], "notes": [ { "category": "description", "text": "A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with various consequences.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Virtualization 4.2 EUS contains the affected version of bootstrap in the packages ovirt-js-dependencies and ovirt-engine-dashboard. 
These packages are deprecated in Red Hat Virtualization 4.3.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-11358" }, { "category": "external", "summary": "RHBZ#1701972", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1701972" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-11358", "url": "https://www.cve.org/CVERecord?id=CVE-2019-11358" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11358" }, { 
"category": "external", "summary": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/", "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/" }, { "category": "external", "summary": "https://www.drupal.org/sa-core-2019-006", "url": "https://www.drupal.org/sa-core-2019-006" } ], "release_date": "2019-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:49:34+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4142" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": 
"NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jquery: Prototype pollution in object\u0027s prototype leading to denial of service, remote code execution, or property injection" }, { "cve": "CVE-2020-7656", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850119" } ], "notes": [ { "category": "description", "text": "A flaw was found in jquery in versions prior to 1.9.0. 
A cross-site scripting attack is possible as the load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux version 6, 7 and 8 ship a vulnerable version of JQuery in the `pcs` component. However the vulnerable has not been found to be exploitable in reasonable scenarios. A future update may update JQuery to a fixed version.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", 
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-7656" }, { "category": "external", "summary": "RHBZ#1850119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850119" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-7656", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7656" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656" } ], "release_date": "2020-05-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:49:34+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", 
"ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4142" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "jquery: Cross-site scripting (XSS) via \u003cscript\u003e HTML tags containing whitespaces" }, { "cve": "CVE-2020-11023", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, 
"discovery_date": "2020-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1850004" } ], "notes": [ { "category": "description", "text": "A flaw was found in jQuery. HTML containing \\\u003coption\\\u003e elements from untrusted sources are passed, even after sanitizing, to one of jQuery\u0027s DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Enterprise Linux versions 6, 7, and 8 ship a vulnerable version of JQuery in the `pcs` component. As PCS does not accept untrusted input, the vulnerable code cannot be controlled by an attacker.\n\nMultiple Red Hat offerings use doxygen to build documentation. During this process an affected jquery.js file can be included in the resulting package. 
The \u0027gcc\u0027 and \u0027tbb\u0027 packages were potentially vulnerable via this method.\n\nOpenShift Container Platform 4 is not affected because even though it uses the \u0027gcc\u0027 component, vulnerable code is limited within the libstdc++-docs rpm package, which is not shipped.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11023" }, { "category": "external", "summary": "RHBZ#1850004", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850004" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11023" }, { "category": "external", "summary": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/", "url": "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2020-04-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2021-11-09T17:49:34+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ], "restart_required": { "category": 
"none" }, "url": "https://access.redhat.com/errata/RHSA-2021:4142" }, { "category": "workaround", "details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.", "product_ids": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.src", 
"HighAvailability-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "HighAvailability-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.src", "ResilientStorage-8.5.0.GA:pcs-0:0.10.10-4.el8.x86_64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.aarch64", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.ppc64le", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.s390x", "ResilientStorage-8.5.0.GA:pcs-snmp-0:0.10.10-4.el8.x86_64" ] } ], "threats": [ { "category": "exploit_status", "date": "2025-01-23T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Moderate" } ], "title": "jquery: Untrusted code execution via \u003coption\u003e tag in HTML passed to DOM manipulation methods" } ] }
ghsa-q4m3-2j7h-f7xw
Vulnerability from github
Published
2020-05-20 16:18
Modified
2024-10-10 16:17
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Summary
Cross-Site Scripting in jquery
Details
Versions of `jquery` prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove `<script>` HTML tags that contain a whitespace character, i.e., `</script >`, which results in the enclosed script logic being executed. This allows attackers to execute arbitrary JavaScript in a victim's browser.
Recommendation
Upgrade to version 1.9.0 or later.
{ "affected": [ { "package": { "ecosystem": "npm", "name": "jquery" }, "ranges": [ { "events": [ { "introduced": "1.2.1" }, { "fixed": "1.9.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "NuGet", "name": "jQuery" }, "ranges": [ { "events": [ { "introduced": "1.2.1" }, { "fixed": "1.9.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "RubyGems", "name": "jquery-rails" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.2.0" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "Maven", "name": "org.webjars.npm:jquery" }, "ranges": [ { "events": [ { "introduced": "1.2.1" }, { "fixed": "1.9.0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-7656" ], "database_specific": { "cwe_ids": [ "CWE-79" ], "github_reviewed": true, "github_reviewed_at": "2020-05-20T16:17:45Z", "nvd_published_at": "2020-05-19T21:15:00Z", "severity": "MODERATE" }, "details": "Versions of `jquery` prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove `\u003cscript\u003e` HTML tags that contain a whitespace character, i.e: `\u003c/script \u003e`, which results in the enclosed script logic to be executed. 
This allows attackers to execute arbitrary JavaScript in a victim\u0027s browser.\n\n\n## Recommendation\n\nUpgrade to version 1.9.0 or later.", "id": "GHSA-q4m3-2j7h-f7xw", "modified": "2024-10-10T16:17:32Z", "published": "2020-05-20T16:18:01Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656" }, { "type": "WEB", "url": "https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d" }, { "type": "WEB", "url": "https://github.com/jquery/jquery/commit/606b863edaff29035960e4d813b45d63b8d92876" }, { "type": "PACKAGE", "url": "https://github.com/jquery/jquery" }, { "type": "WEB", "url": "https://github.com/jquery/jquery/blob/9e6393b0bcb52b15313f88141d0bd7dd54227426/src/ajax.js#L203" }, { "type": "WEB", "url": "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#220-19-january-2013" }, { "type": "WEB", "url": "https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L7481" }, { "type": "WEB", "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-7656.yml" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20200528-0001" }, { "type": "WEB", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619" }, { "type": "WEB", "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "type": "CVSS_V4" } ], "summary": "Cross-Site Scripting in jquery" }
gsd-2020-7656
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e., "</script >", which results in the enclosed script logic being executed.
Aliases
{ "GSD": { "alias": "CVE-2020-7656", "description": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.", "id": "GSD-2020-7656", "references": [ "https://access.redhat.com/errata/RHSA-2021:4142", "https://access.redhat.com/errata/RHSA-2020:4211", "https://linux.oracle.com/cve/CVE-2020-7656.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-7656" ], "details": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.", "id": "GSD-2020-7656", "modified": "2023-12-13T01:21:52.174266Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "jquery", "version": { "version_data": [ { "version_value": "All versions prior to version 1.9.0" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site Scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://security.netapp.com/advisory/ntap-20200528-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200528-0001/" }, { "name": "https://www.oracle.com/security-alerts/cpujul2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619" }, { "name": "https://security.netapp.com/advisory/ntap-20200528-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200528-0001/" }, { "name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US", "refsource": "MISC", "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003c2.2.0", "affected_versions": "All versions before 2.2.0", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2023-07-10", "description": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. 
The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.", "fixed_versions": [ "2.2.0" ], "identifier": "CVE-2020-7656", "identifiers": [ "GHSA-q4m3-2j7h-f7xw", "CVE-2020-7656" ], "not_impacted": "All versions starting from 2.2.0", "package_slug": "gem/jquery-rails", "pubdate": "2020-05-20", "solution": "Upgrade to version 2.2.0 or above.", "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-7656", "https://snyk.io/vuln/SNYK-JS-JQUERY-569619", "https://security.netapp.com/advisory/ntap-20200528-0001/", "https://www.oracle.com/security-alerts/cpujul2022.html", "https://github.com/jquery/jquery/blob/9e6393b0bcb52b15313f88141d0bd7dd54227426/src/ajax.js#L203", "https://github.com/rails/jquery-rails/blob/master/CHANGELOG.md#220-19-january-2013", "https://github.com/rails/jquery-rails/blob/v2.1.4/vendor/assets/javascripts/jquery.js#L7481", "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US", "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/jquery-rails/CVE-2020-7656.yml", "https://github.com/advisories/GHSA-q4m3-2j7h-f7xw" ], "uuid": "3ecbd5f3-d5ac-4596-bb3e-9b8255642347" }, { "affected_range": "\u003c1.9.0", "affected_versions": "All versions before 1.9.0", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2020-05-28", "description": "jQuery, which is used by the rdoc gem, allows Cross-site Scripting attacks via the load method. 
The load method fails to recognize and remove `\u003cscript\u003e` HTML tags that contain a whitespace character, i.e., `\u003c/script \u003e`, which results in the enclosed script logic to be executed.", "fixed_versions": [ "2.0.0" ], "identifier": "CVE-2020-7656", "identifiers": [ "CVE-2020-7656" ], "not_impacted": "All versions starting from 1.9.0", "package_slug": "gem/rdoc", "pubdate": "2020-05-19", "solution": "Upgrade to version 2.0.0 or above.", "title": "Cross-site Scripting", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-7656" ], "uuid": "aa33ca08-0d7b-4e26-9ceb-83fbd44e9f05" }, { "affected_range": "\u003c1.9.0", "affected_versions": "All versions before 1.9.0", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2020-05-28", "description": "JQuery allows Cross-site Scripting attacks via the `load` method. The `load` method fails to recognize and remove `\u003cscript\u003e` HTML tags that contain a whitespace character such as `\u003c/script \u003e`.", "fixed_versions": [ "1.9.1" ], "identifier": "CVE-2020-7656", "identifiers": [ "CVE-2020-7656" ], "not_impacted": "All versions starting from 1.9.0", "package_slug": "npm/jquery", "pubdate": "2020-05-19", "solution": "Upgrade to version 1.9.1 or above.", "title": "Cross-site Scripting", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-7656" ], "uuid": "65460751-636c-4e9f-9dd3-00bfc7379043" }, { "affected_range": "(,1.9.0)", "affected_versions": "All versions before 1.9.0", "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "cwe_ids": [ "CWE-1035", "CWE-79", "CWE-937" ], "date": "2023-05-30", "description": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. 
The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed.", "fixed_versions": [ "1.9.0" ], "identifier": "CVE-2020-7656", "identifiers": [ "GHSA-q4m3-2j7h-f7xw", "CVE-2020-7656" ], "not_impacted": "All versions starting from 1.9.0", "package_slug": "nuget/jQuery", "pubdate": "2020-05-20", "solution": "Upgrade to version 1.9.0 or above.", "title": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-7656", "https://snyk.io/vuln/SNYK-JS-JQUERY-569619", "https://security.netapp.com/advisory/ntap-20200528-0001/", "https://github.com/advisories/GHSA-q4m3-2j7h-f7xw", "https://www.npmjs.com/advisories/1524", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "uuid": "014e4e8b-8cb3-4e2e-ad6d-7b607282afdc" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:node.js:*:*", "cpe_name": [], "versionEndExcluding": "1.9.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "3.1.3", "versionStartIncluding": "3.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7656" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove \"\u003cscript\u003e\" HTML tags that contain a whitespace character, i.e: \"\u003c/script \u003e\", which results in the enclosed script logic to be executed." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-79" } ] } ] }, "references": { "reference_data": [ { "name": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619", "refsource": "MISC", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619" }, { "name": "https://security.netapp.com/advisory/ntap-20200528-0001/", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200528-0001/" }, { "name": "N/A", "refsource": "N/A", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "name": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US", "refsource": "MISC", "tags": [ "Third Party Advisory" ], "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1?language=en_US" } ] } }, "impact": { "baseMetricV2": { 
"acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } }, "lastModifiedDate": "2023-06-22T19:49Z", "publishedDate": "2020-05-19T21:15Z" } } }
wid-sec-w-2023-0558
Vulnerability from csaf_certbund
Published
2020-05-25 22:00
Modified
2024-05-07 22:00
Summary
jQuery: Vulnerability allows cross-site scripting
Notes
The BSI, as provider, is responsible under general law for its own content that it makes available for use. Users, however, are responsible for carefully checking, case by case, the use and/or implementation of the information provided with that content.
Product description
jQuery is a free JavaScript library that provides functions for DOM navigation and manipulation.
Attack
A remote, anonymous attacker can exploit a vulnerability in jQuery to carry out a cross-site scripting attack.
Affected operating systems
- Linux
- Other
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "jQuery ist eine freie JavaScript-Bibliothek, die Funktionen zur DOM-Navigation und -Manipulation zur Verf\u00fcgung stellt.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in jQuery ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-0558 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2023-0558.json" }, { "category": "self", "summary": "WID-SEC-2023-0558 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0558" }, { "category": "external", "summary": "NIST Database CVE-2020-7656 vom 2020-05-25", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7656" }, { "category": "external", "summary": "PoC auf snyk.io", "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-569619" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2020:4211 vom 2020-10-08", "url": 
"https://access.redhat.com/errata/RHSA-2020:4211" }, { "category": "external", "summary": "Juniper Security Advisory JSA11203 vom 2021-07-14", "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11203\u0026cat=SIRT_1" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2021:4142 vom 2021-11-09", "url": "https://access.redhat.com/errata/RHSA-2021:4142" }, { "category": "external", "summary": "Oracle Linux Security Advisory ELSA-2021-9552 vom 2021-11-19", "url": "https://linux.oracle.com/errata/ELSA-2021-9552.html" }, { "category": "external", "summary": "Tenable Security Advisory TNS-2023-09 vom 2023-03-02", "url": "https://www.tenable.com/security/tns-2023-09" }, { "category": "external", "summary": "SolarWinds Platform 2023.3 Release Notes", "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-3_release_notes.htm" }, { "category": "external", "summary": "IBM Security Bulletin 7060517 vom 2023-10-26", "url": "https://www.ibm.com/support/pages/node/7060517" }, { "category": "external", "summary": "IBM Security Bulletin 7148094 vom 2024-04-11", "url": "https://www.ibm.com/support/pages/node/7148094" }, { "category": "external", "summary": "IBM Security Bulletin 7150527 vom 2024-05-08", "url": "https://www.ibm.com/support/pages/node/7150527" } ], "source_lang": "en-US", "title": "jQuery: Schwachstelle erm\u00f6glicht Cross-Site Scripting", "tracking": { "current_release_date": "2024-05-07T22:00:00.000+00:00", "generator": { "date": "2024-08-15T17:46:05.663+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-0558", "initial_release_date": "2020-05-25T22:00:00.000+00:00", "revision_history": [ { "date": "2020-05-25T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2020-10-07T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": 
"2021-07-14T22:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Juniper aufgenommen" }, { "date": "2021-11-09T23:00:00.000+00:00", "number": "4", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2021-11-18T23:00:00.000+00:00", "number": "5", "summary": "Neue Updates von Oracle Linux aufgenommen" }, { "date": "2023-03-02T23:00:00.000+00:00", "number": "6", "summary": "Neue Updates von Tenable aufgenommen" }, { "date": "2023-07-25T22:00:00.000+00:00", "number": "7", "summary": "Neue Updates aufgenommen" }, { "date": "2023-10-26T22:00:00.000+00:00", "number": "8", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-04-11T22:00:00.000+00:00", "number": "9", "summary": "Neue Updates von IBM aufgenommen" }, { "date": "2024-05-07T22:00:00.000+00:00", "number": "10", "summary": "Neue Updates von IBM aufgenommen" } ], "status": "final", "version": "10" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "7.6.1.2", "product": { "name": "IBM Maximo Asset Management 7.6.1.2", "product_id": "812526", "product_identification_helper": { "cpe": "cpe:/a:ibm:maximo_asset_management:7.6.1.2" } } } ], "category": "product_name", "name": "Maximo Asset Management" }, { "branches": [ { "category": "product_version", "name": "7.5", "product": { "name": "IBM QRadar SIEM 7.5", "product_id": "T022954", "product_identification_helper": { "cpe": "cpe:/a:ibm:qradar_siem:7.5" } } } ], "category": "product_name", "name": "QRadar SIEM" }, { "branches": [ { "category": "product_version_range", "name": "\u003c5.2.0.0", "product": { "name": "IBM Storage Scale \u003c5.2.0.0", "product_id": "T034454" } }, { "category": "product_version_range", "name": "\u003c5.1.9-2", "product": { "name": "IBM Storage Scale \u003c5.1.9-2", "product_id": "T034597" } } ], "category": "product_name", "name": "Storage Scale" } ], "category": "vendor", "name": "IBM" }, { "branches": [ { "category": "product_name", "name": 
"Juniper JUNOS", "product": { "name": "Juniper JUNOS", "product_id": "5930", "product_identification_helper": { "cpe": "cpe:/o:juniper:junos:-" } } } ], "category": "vendor", "name": "Juniper" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c1.9.0", "product": { "name": "Open Source jQuery \u003c1.9.0", "product_id": "432958" } } ], "category": "product_name", "name": "jQuery" } ], "category": "vendor", "name": "Open Source" }, { "branches": [ { "category": "product_name", "name": "Oracle Linux", "product": { "name": "Oracle Linux", "product_id": "T004914", "product_identification_helper": { "cpe": "cpe:/o:oracle:linux:-" } } } ], "category": "vendor", "name": "Oracle" }, { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } } ], "category": "vendor", "name": "Red Hat" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c2023.3", "product": { "name": "SolarWinds Platform \u003c2023.3", "product_id": "T028897" } } ], "category": "product_name", "name": "Platform" } ], "category": "vendor", "name": "SolarWinds" }, { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c10.5.0", "product": { "name": "Tenable Security Nessus \u003c10.5.0", "product_id": "T026604" } } ], "category": "product_name", "name": "Nessus" } ], "category": "vendor", "name": "Tenable Security" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-7656", "notes": [ { "category": "description", "text": "In jQuery existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. 
Ein entfernter anonymer Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen eine modifizierte URL oder Webseite in seinem Webbrowser zu \u00f6ffnen." } ], "product_status": { "known_affected": [ "T022954", "T026604", "67646", "5930", "812526", "T028897", "T004914", "T034454", "T034597" ] }, "release_date": "2020-05-25T22:00:00.000+00:00", "title": "CVE-2020-7656" } ] }