{"containers": {"cna": {"affected": [{"product": "xterm.js", "vendor": "https://xtermjs.org/", "versions": [{"status": "affected", "version": "xterm.js"}]}], "datePublic": "2019-01-09T00:00:00", "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka \"Xterm Remote Code Execution Vulnerability.\" This affects xterm.js."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-09-29T16:05:20", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "106434", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/106434"}, {"name": "RHBA-2019:0959", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHBA-2019:0959"}, {"name": "RHSA-2019:1422", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1422"}, {"name": "RHSA-2019:2552", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2552"}, {"name": "RHSA-2019:2551", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:2551"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/xtermjs/xterm.js/releases"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2019-0542", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "xterm.js", "version": {"version_data": [{"version_value": "xterm.js"}]}}]}, "vendor_name": "https://xtermjs.org/"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka \"Xterm Remote Code Execution Vulnerability.\" This affects xterm.js."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "106434", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106434"}, {"name": "RHBA-2019:0959", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0959"}, {"name": "RHSA-2019:1422", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1422"}, {"name": "RHSA-2019:2552", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2552"}, {"name": "RHSA-2019:2551", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2551"}, {"name": "https://github.com/xtermjs/xterm.js/releases", "refsource": "MISC", "url": "https://github.com/xtermjs/xterm.js/releases"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:51:26.827Z"}, "title": "CVE Program Container", "references": [{"name": "106434", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/106434"}, {"name": "RHBA-2019:0959", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHBA-2019:0959"}, {"name": "RHSA-2019:1422", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1422"}, {"name": "RHSA-2019:2552", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2552"}, {"name": "RHSA-2019:2551", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:2551"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xtermjs/xterm.js/releases"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2019-0542", "datePublished": "2019-01-09T15:00:00", "dateReserved": "2018-11-26T00:00:00", "dateUpdated": "2024-08-04T17:51:26.827Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xtermjs:xterm.js:*:*:*:*:*:*:*:*", "matchCriteriaId": "174C752A-5862-4B2E-81BF-B33C939F6BA2", "versionEndExcluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F89A265-EBFC-4B1C-8106-B414F815F141", "versionEndExcluding": "3.9.99", "versionStartIncluding": "3.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "25B054C0-BCF7-4B0A-9059-3DACA95DE9A1", "versionEndExcluding": "3.10.163", "versionStartIncluding": "3.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D88FD1A-0794-4E79-B51E-91F4403FD1F9", "versionEndExcluding": "3.11.104", "versionStartExcluding": "3.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka \"Xterm Remote Code Execution Vulnerability.\" This affects xterm.js."}, {"lang": "es", "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Xterm.js cuando el componente maneja mal los caracteres especiales, tambi\u00e9n conocida como \"Xterm Remote Code Execution Vulnerability\". Esto afecta a xterm.js"}], "id": "CVE-2019-0542", "lastModified": "2024-11-21T04:16:49.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-01-09T15:29:00.213", "references": [{"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/bid/106434"}, {"source": "secure@microsoft.com", "url": "https://access.redhat.com/errata/RHBA-2019:0959"}, {"source": "secure@microsoft.com", "url": "https://access.redhat.com/errata/RHSA-2019:1422"}, {"source": "secure@microsoft.com", "url": "https://access.redhat.com/errata/RHSA-2019:2551"}, {"source": "secure@microsoft.com", "url": "https://access.redhat.com/errata/RHSA-2019:2552"}, {"source": "secure@microsoft.com", "url": "https://github.com/xtermjs/xterm.js/releases"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/106434"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHBA-2019:0959"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1422"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2551"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2552"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/xtermjs/xterm.js/releases"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2019:2552", "cpe": "cpe:/a:redhat:openshift:3.10::el7", "package": "atomic-openshift-web-console-0:3.10.163-1.git.1.c3a2131.el7", "product_name": "Red Hat OpenShift Container Platform 3.10", "release_date": "2019-08-22T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/apb-base:v3.11.98-9", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/apb-tools:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/automation-broker-apb:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/csi-attacher:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/csi-driver-registrar:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/csi-livenessprobe:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/csi-provisioner:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/grafana:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/jenkins-slave-base-rhel7:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/jenkins-slave-maven-rhel7:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/jenkins-slave-nodejs-rhel7:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/local-storage-provisioner:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/logging-fluentd:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/manila-provisioner:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/mariadb-apb:v3.11.98-8", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/mediawiki:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/mediawiki-apb:v3.11.98-9", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/metrics-cassandra:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/metrics-hawkular-metrics:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/metrics-hawkular-openshift-agent:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/metrics-heapster:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/metrics-schema-installer:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/mysql-apb:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/node:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/oauth-proxy:v3.11.98-5", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-ansible:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-ansible-service-broker:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-cli:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-cluster-autoscaler:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-cluster-capacity:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-cluster-monitoring-operator:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-configmap-reloader:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-console:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-control-plane:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-deployer:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-descheduler:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-docker-builder:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-docker-registry:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-efs-provisioner:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-egress-dns-proxy:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-egress-http-proxy:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-egress-router:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-haproxy-router:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-hyperkube:v3.11.98-8", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-hypershift:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-keepalived-ipfailover:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-kube-rbac-proxy:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-kube-state-metrics:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-logging-curator5:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-logging-elasticsearch5:v3.11.98-8", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-logging-eventrouter:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-logging-fluentd:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-logging-kibana5:v3.11.98-8", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-metrics-cassandra:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-metrics-hawkular-metrics:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-metrics-hawkular-openshift-agent:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-metrics-heapster:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-metrics-schema-installer:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-metrics-server:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-node:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-node-problem-detector:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-operator-lifecycle-manager:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-ovn-kubernetes:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-pod:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-prometheus-config-reloader:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-prometheus-operator:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-recycler:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-service-catalog:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-template-service-broker:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-tests:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/ose-web-console:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/postgresql-apb:v3.11.98-7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/prometheus:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/prometheus-alertmanager:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/prometheus-node-exporter:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/registry-console:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/snapshot-controller:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHBA-2019:0959", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "openshift3/snapshot-provisioner:v3.11.98-6", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-05-01T00:00:00Z"}, {"advisory": "RHSA-2019:1422", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-web-console-0:3.11.104-1.git.1.3c3a7f2.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2019-06-10T00:00:00Z"}, {"advisory": "RHSA-2019:2551", "cpe": "cpe:/a:redhat:openshift:3.9::el7", "package": "atomic-openshift-web-console-0:3.9.99-1.git.1.49cd7e9.el7", "product_name": "Red Hat OpenShift Container Platform 3.9", "release_date": "2019-09-05T00:00:00Z"}], "bugzilla": {"description": "xterm.js: Mishandling of special characters allows for remote code execution", "id": "1668531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668531"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-77", "details": ["A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka \"Xterm Remote Code Execution Vulnerability.\" This affects xterm.js.", "It was found that xterm.js does not sanitize terminal escape sequences in browser terminals allowing for execution of arbitrary commands. An attacker could exploit this by convincing a user with a xterm.js browser terminal to display an escape sequence by, for example, reading a from a log file containing attacker-controlled input."], "name": "CVE-2019-0542", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-01-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-0542\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-0542"], "statement": "This issue affects both the atomic-openshift-web-console RPM and openshift3/ose-console container image shipped in OpenShift Container Platform. These components provide a web console for opening in-browser terminals in cluster pods. Successful exploitation of this issue would require an attacker to convince an authorized user to open an in-browser terminal on a target pod and execute a command that prints attacker-controlled input. Red Hat Product Security have rated this issue as having security impact of Moderate. A future update may address this issue.", "threat_severity": "Moderate", "upstream_fix": "xtermjs 3.8.1, xtermjs 3.9.2, xtermjs 3.10.1"}