{"containers": {"cna": {"providerMetadata": {"dateUpdated": "2020-01-15T20:37:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"}]}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1000022", "datePublished": "2019-12-20T12:54:20", "dateRejected": "2020-01-15T20:37:33", "dateReserved": "2016-07-12T00:00:00", "dateUpdated": "2020-01-15T20:37:33", "state": "REJECTED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage"}], "id": "CVE-2016-1000022", "lastModified": "2023-11-07T02:29:25.667", "metrics": {}, "published": "2019-12-20T13:15:11.627", "references": [], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Rejected"}

{"affected_release": [{"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-accepts-0:1.3.3-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-express-0:4.13.3-4.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-mime-db-0:1.23.0-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-mime-types-0:2.1.11-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.2::el7", "package": "nodejs-negotiator-0:0.6.1-1.el7", "product_name": "Red Hat OpenShift Container Platform 3.2", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-accepts-0:1.3.3-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-express-0:4.13.3-4.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-mime-db-0:1.23.0-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-mime-types-0:2.1.11-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-minimatch-0:3.0.2-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}, {"advisory": "RHSA-2016:1605", "cpe": "cpe:/a:redhat:openshift:3.1::el7", "package": "nodejs-negotiator-0:0.6.1-1.el7", "product_name": "Red Hat OpenShift Enterprise 3.1", "release_date": "2016-08-11T00:00:00Z"}], "bugzilla": {"description": "nodejs-negotiator: Regular expression denial-of-service", "id": "1347677", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347677"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-20", "details": ["This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-10539. Reason: This candidate is a duplicate of CVE-2016-10539. Notes: All CVE users should reference CVE-2016-10539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage", "A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU."], "name": "CVE-2016-1000022", "public_date": "2016-06-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2016-1000022\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-1000022\nhttps://nodesecurity.io/advisories/106"], "threat_severity": "Moderate", "upstream_fix": "nodejs-negotiator 0.6.1"}