{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-24999", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T04:29:01.569Z", "dateReserved": "2022-02-14T00:00:00", "datePublished": "2022-11-26T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-09-08T16:06:42.462757"}, "descriptions": [{"lang": "en", "value": "qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \"deps: qs@6.9.7\" in its release description, is not vulnerable)."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/expressjs/express/releases/tag/4.17.3"}, {"url": "https://github.com/ljharb/qs/pull/428"}, {"url": "https://github.com/n8tz/CVE-2022-24999"}, {"name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3299-1] node-qs security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230908-0005/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:29:01.569Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/expressjs/express/releases/tag/4.17.3", "tags": ["x_transferred"]}, {"url": "https://github.com/ljharb/qs/pull/428", "tags": ["x_transferred"]}, {"url": "https://github.com/n8tz/CVE-2022-24999", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3299-1] node-qs security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230908-0005/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "F7960844-79EB-454C-BD4C-C79387E2E573", "versionEndExcluding": "6.2.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "B836471B-BF39-4B52-B837-70B494D2C45F", "versionEndExcluding": "6.3.3", "versionStartIncluding": "6.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "DF319EA6-E68F-41A8-BB21-FE30F6BD1A9C", "versionEndExcluding": "6.5.3", "versionStartIncluding": "6.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E43C2419-E3F8-4123-8FA8-A0C1B4244D77", "versionEndExcluding": "6.7.3", "versionStartIncluding": "6.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "BB20DBEF-67E2-49FB-BB55-C86F7A83028F", "versionEndExcluding": "6.8.3", "versionStartIncluding": "6.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "49C25B47-56FD-43BF-9DA4-A6100DD291EE", "versionEndExcluding": "6.9.7", "versionStartIncluding": "6.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qs_project:qs:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "750DDAB9-4454-4087-8DA1-D05280F59081", "versionEndExcluding": "6.10.3", "versionStartIncluding": "6.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qs_project:qs:6.4.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "535F43BA-C0A4-441A-A13C-A221ED855613", "vulnerable": true}, {"criteria": "cpe:2.3:a:qs_project:qs:6.6.0:*:*:*:*:node.js:*:*", "matchCriteriaId": "870A2680-00C2-43D2-9C4B-D8F52DB16AA1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:openjsf:express:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "31382A93-AA97-4D14-ACF6-129F1BDDFD6D", "versionEndExcluding": "4.17.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \"deps: qs@6.9.7\" in its release description, is not vulnerable)."}, {"lang": "es", "value": "qs anterior a 6.10.3, como se usa en Express anterior a 4.17.3 y otros productos, permite a los atacantes provocar que un proceso de Nodo se cuelgue para una aplicaci\u00f3n Express porque se puede usar una clave __ proto__. En muchos casos de uso t\u00edpicos de Express, un atacante remoto no autenticado puede colocar el payload del ataque en la cadena de consulta de la URL que se utiliza para visitar la aplicaci\u00f3n, como a[__proto__]=b&a[__proto__]&a[length] =100000000. La soluci\u00f3n se respald\u00f3 a qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3 y 6.2.4 (y por lo tanto a Express 4.17.3, que tiene \"deps : qs@6.9.7\" en la descripci\u00f3n de su versi\u00f3n, no es vulnerable)."}], "id": "CVE-2022-24999", "lastModified": "2024-11-21T06:51:31.643", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-26T22:15:10.153", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://github.com/expressjs/express/releases/tag/4.17.3"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/ljharb/qs/pull/428"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/n8tz/CVE-2022-24999"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html"}, {"source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230908-0005/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/expressjs/express/releases/tag/4.17.3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/ljharb/qs/pull/428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/n8tz/CVE-2022-24999"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00039.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230908-0005/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0934", "cpe": "cpe:/a:redhat:migration_toolkit_applications:6.0::el8", "package": "mta/mta-ui-rhel8:6.0.1-10", "product_name": "MTA-6.0-RHEL-8", "release_date": "2023-02-28T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-governance-policy-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-grafana-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-must-gather-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-operator-bundle-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-prometheus-config-reloader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-prometheus-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "acm-volsync-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "cert-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "cluster-backup-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "config-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "console-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "endpoint-monitoring-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-propagator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-spec-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-status-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "governance-policy-template-sync-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "grafana-dashboard-loader-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "iam-policy-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "insights-client-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "insights-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "klusterlet-addon-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "kube-rbac-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "kube-state-metrics-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "management-ingress-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "memcached-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "memcached-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "metrics-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicloud-integrations-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multiclusterhub-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multiclusterhub-repo-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-observability-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-application-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-channel-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "multicluster-operators-subscription-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "node-exporter-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "observatorium-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "observatorium-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "prometheus-alertmanager-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "prometheus-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "rbac-query-proxy-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "redisgraph-tls-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-aggregator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-api-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-collector-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "search-operator-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "submariner-addon-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "thanos-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0794", "cpe": "cpe:/a:redhat:acm:2.6::el8", "package": "thanos-receive-controller-container", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2023:0050", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "nodejs:14-8070020221212161539.bd1311ed", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-01-09T00:00:00Z"}, {"advisory": "RHSA-2023:1533", "cpe": "cpe:/a:redhat:rhel_eus:8.4", "package": "nodejs:14-8040020230306170312.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Extended Update Support", "release_date": "2023-03-30T00:00:00Z"}, {"advisory": "RHSA-2023:1742", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "nodejs:14-8060020230306170237.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-04-12T00:00:00Z"}, {"advisory": "RHSA-2023:1428", "cpe": "cpe:/a:redhat:rhmt:1.7::el8", "package": "rhmtc/openshift-migration-ui-rhel8:v1.7.8-5", "product_name": "Red Hat Migration Toolkit for Containers 1.7", "release_date": "2023-03-23T00:00:00Z"}, {"advisory": "RHSA-2023:3645", "cpe": "cpe:/a:redhat:service_mesh:2.2::el8", "package": "openshift-service-mesh/prometheus-rhel8:2.2.7-7", "product_name": "Red Hat OpenShift Service Mesh 2.2 for RHEL 8", "release_date": "2023-06-15T00:00:00Z"}, {"advisory": "RHSA-2023:0612", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs14-nodejs-0:14.21.1-3.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-02-06T00:00:00Z"}, {"advisory": "RHSA-2023:0612", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-nodejs14-nodejs-nodemon-0:2.0.20-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-02-06T00:00:00Z"}, {"advisory": "RHSA-2023:3265", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.12::el8", "package": "odf4/mcg-core-rhel8:v4.12.3-4", "product_name": "RHODF-4.12-RHEL-8", "release_date": "2023-05-23T00:00:00Z"}, {"advisory": "RHSA-2023:0930", "cpe": "cpe:/a:redhat:logging:5.5::el8", "package": "openshift-logging/logging-view-plugin-rhel8:v5.5.8-3", "product_name": "RHOL-5.5-RHEL-8", "release_date": "2023-03-08T00:00:00Z"}, {"advisory": "RHSA-2023:0932", "cpe": "cpe:/a:redhat:logging:5.6::el8", "package": "openshift-logging/logging-view-plugin-rhel8:v5.6.3-5", "product_name": "RHOL-5.6-RHEL-8", "release_date": "2023-03-08T00:00:00Z"}], "bugzilla": {"description": "express: \"qs\" prototype poisoning causes the hang of the node process", "id": "2150323", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150323"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-1321", "details": ["qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has \"deps: qs@6.9.7\" in its release description, is not vulnerable).", "A flaw was found in the express.js npm package of nodejs:14 module stream. Express.js Express is vulnerable to a denial of service caused by a prototype pollution flaw in qs. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, a remote attacker can cause a denial of service."], "name": "CVE-2022-24999", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Fix deferred", "package_name": "migration-toolkit-virtualization/mtv-ui-rhel8", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:rhel_dotnet:3.1", "fix_state": "Out of support scope", "package_name": "rh-dotnet31-dotnet", "product_name": ".NET Core 3.1 on Red Hat Enterprise Linux"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Not affected", "package_name": "odo", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "servicemesh-grafana", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:service_mesh:2.1", "fix_state": "Will not fix", "package_name": "servicemesh-prometheus", "product_name": "OpenShift Service Mesh 2.1"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/application-ui-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/console-api-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/grc-ui-api-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/grc-ui-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/search-api-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Will not fix", "package_name": "rhacm2/search-ui-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-docs-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Will not fix", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform", "fix_state": "Affected", "package_name": "qs", "product_name": "Red Hat Ansible Automation Platform 1.2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Will not fix", "package_name": "aap-azure-ui", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "qs", "product_name": "Red Hat build of Apicurio Registry"}, {"cpe": "cpe:/a:redhat:ceph_storage:4", "fix_state": "Affected", "package_name": "cockpit-ceph-installer", "product_name": "Red Hat Ceph Storage 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "qs", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:directory_server:11", "fix_state": "Will not fix", "package_name": "redhat-ds:11/389-ds-base", "product_name": "Red Hat Directory Server 11"}, {"cpe": "cpe:/a:redhat:discovery:1.0::el8", "fix_state": "Affected", "package_name": "discovery-server-container", "product_name": "Red Hat Discovery"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:16/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "nodejs:18/nodejs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "nodejs:18/nodejs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "nodejs-qs", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Affected", "package_name": "qs", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "nodejs-qs", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "nodejs", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/ose-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Out of support scope", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "nodejs", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Affected", "package_name": "noobaa-core-container", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "odf4/odf-console-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Will not fix", "package_name": "odf4/odf-multicluster-console-rhel8", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/code-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Will not fix", "package_name": "devspaces-theia-endpoint-rhel8-container", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Will not fix", "package_name": "devspaces-theia-rhel8-container", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Affected", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "qs", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Will not fix", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "satellite:el8/rubygem-rabl", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Will not fix", "package_name": "tfm-rubygem-rabl", "product_name": "Red Hat Satellite 6"}], "public_date": "2022-11-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-24999\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-24999\nhttps://github.com/expressjs/express/releases/tag/4.17.3\nhttps://github.com/ljharb/qs/pull/428\nhttps://github.com/n8tz/CVE-2022-24999"], "statement": "- The qs and express Package is not used by the OpenShift Container Platform console directly and is only a third-party package dependency. Hence, it is marked as wontfix. \nAs a result, any services that depend on Openshift for their use of qs and express are marked won't fix. \n- In OpenShift Service Mesh, 'qs' is hoisted from storybook and node-sass, both are dev dependencies, and the vulnerability is not exposed to end users. Hence marked as wontfix.", "threat_severity": "Moderate", "upstream_fix": "qs 4.17.3, qs 6.9.7, qs 6.8.3, qs 6.7.3, qs 6.6.1, qs 6.5.3, qs 6.4.1, qs 6.3.3, qs 6.2.4, qs 6.10.3"}