{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-42459", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T15:05:48.384Z", "dateReserved": "2024-08-02T00:00:00", "datePublished": "2024-08-02T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-02T07:08:53.551383"}, "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/indutny/elliptic/pull/317"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-347", "lang": "en", "description": "CWE-347 Improper Verification of Cryptographic Signature"}]}], "affected": [{"vendor": "elliptic_project", "product": "elliptic", "cpes": ["cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*"], "defaultStatus": "unknown", "versions": [{"version": "6.5.6", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-02T14:59:10.365958Z", "id": "CVE-2024-42459", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:05:48.384Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-42459", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-02T14:59:10.365958Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:elliptic_project:elliptic:6.5.6:*:*:*:*:node.js:*:*"], "vendor": "elliptic_project", "product": "elliptic", "versions": [{"status": "affected", "version": "6.5.6"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-02T15:04:36.324Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/indutny/elliptic/pull/317"}], "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-02T07:08:53.551383"}}}, "cveMetadata": {"cveId": "CVE-2024-42459", "state": "PUBLISHED", "dateUpdated": "2024-08-02T15:05:48.384Z", "dateReserved": "2024-08-02T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-02T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended."}, {"lang": "es", "value": "En el paquete Elliptic 6.5.6 para Node.js, la maleabilidad de la firma EDDSA se produce porque falta una verificaci\u00f3n de longitud de la firma y, por lo tanto, se pueden eliminar o agregar bytes con valor cero."}], "id": "CVE-2024-42459", "lastModified": "2024-08-02T15:35:44.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-02T07:16:10.003", "references": [{"source": "cve@mitre.org", "url": "https://github.com/indutny/elliptic/pull/317"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/agent-service-rhel8:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-image-service-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-agent-rhel8:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-reporter-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/assisted-installer-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hive-rhel8:v2.5.7-1", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 8", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/addon-manager-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/apiserver-network-proxy-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/aws-encryption-provider-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/backplane-rhel9-operator:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-aws-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-azure-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-provider-kubevirt-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-api-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/clusterclaims-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-curator-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-image-set-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/clusterlifecycle-state-metrics-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-proxy-addon-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/cluster-proxy-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/discovery-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hypershift-cli-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/hypershift-rhel9-operator:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/image-based-install-rhel9:v2.5.7-7", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/klusterlet-operator-bundle:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/kube-rbac-proxy-mce-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/managedcluster-import-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/mce-operator-bundle:v2.5.7-6", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicloud-manager-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-cluster-api-provider-agent-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-console-mce-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-hypershift-addon-rhel9-operator:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/multicluster-engine-managed-serviceaccount-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/must-gather-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/placement-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/provider-credential-controller-rhel9:v2.5.7-2", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/registration-operator-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/registration-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6738", "cpe": "cpe:/a:redhat:multicluster_engine:2.5::el8", "package": "multicluster-engine/work-rhel9:v2.5.7-3", "product_name": "multicluster engine for Kubernetes 2.5 for RHEL 9", "release_date": "2024-09-17T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-cluster-permission-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-addon-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-governance-policy-framework-addon-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-grafana-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-must-gather-rhel9:v2.10.6-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-operator-bundle:v2.10.6-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-config-reloader-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-prometheus-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-indexer-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-api-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-search-v2-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/acm-volsync-addon-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cert-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/cluster-backup-rhel9-operator:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/config-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/console-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/endpoint-monitoring-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/governance-policy-propagator-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/grafana-dashboard-loader-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/iam-policy-controller-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-client-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/insights-metrics-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/klusterlet-addon-controller-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-rbac-proxy-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/kube-state-metrics-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-exporter-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/memcached-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/metrics-collector-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicloud-integrations-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multiclusterhub-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-observability-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-application-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-channel-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/multicluster-operators-subscription-rhel9:v2.10.6-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/node-exporter-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/observatorium-rhel9-operator:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-alertmanager-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/prometheus-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/rbac-query-proxy-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/search-collector-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/submariner-addon-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-receive-controller-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6779", "cpe": "cpe:/a:redhat:acm:2.10::el9", "package": "rhacm2/thanos-rhel9:v2.10.6-2", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.10 for RHEL 9", "release_date": "2024-09-18T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/grafana-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/kiali-rhel8:1.65.15-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/pilot-rhel8:2.4.10-4", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6209", "cpe": "cpe:/a:redhat:service_mesh:2.4::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.4.10-3", "product_name": "Red Hat OpenShift Service Mesh 2.4 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/grafana-rhel8:2.5.4-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-ossmc-rhel8:1.73.13-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/kiali-rhel8:1.73.14-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/pilot-rhel8:2.5.4-4", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/proxyv2-rhel8:2.5.4-2", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}, {"advisory": "RHSA-2024:6210", "cpe": "cpe:/a:redhat:service_mesh:2.5::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.5.4-3", "product_name": "Red Hat OpenShift Service Mesh 2.5 for RHEL 8", "release_date": "2024-09-03T00:00:00Z"}], "bugzilla": {"description": "elliptic: nodejs/elliptic: EDDSA signature malleability due to missing signature length check", "id": "2302458", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302458"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-325", "details": ["In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended.", "A flaw was found in the NodeJS Elliptic package. When creating EDDSA signatures, the Elliptic package doesn't properly check the signature length, allowing zeros to be added or removed from the signature without invalidating it, which may result in confidentiality issues."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-42459", "package_state": [{"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-controller-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-git-cloner-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-image-bundler-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-image-processing-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-rhel9-operator", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-shared-resource-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-shared-resource-webhook-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-waiters-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_builds:1", "fix_state": "Under investigation", "package_name": "openshift-builds/openshift-builds-webhook-rhel9", "product_name": "Builds for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines/pipelines-hub-api-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines/pipelines-hub-db-migration-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Under investigation", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Under investigation", "package_name": "elliptic", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Under investigation", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Under investigation", "package_name": "rhdh-hub-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Under investigation", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Under investigation", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "mozjs60", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "gjs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "polkit", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "rhel9/bootc-image-builder", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Under investigation", "package_name": "elliptic", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Under investigation", "package_name": "elliptic", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Under investigation", "package_name": "elliptic", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Under investigation", "package_name": "elliptic", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Under investigation", "package_name": "elliptic", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:openshift_cluster_manager_cli:1", "fix_state": "Under investigation", "package_name": "ocm-cli-clients/ocm-cli-rhel9", "product_name": "Red Hat OpenShift Cluster Manager CLI"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Under investigation", "package_name": "openshift3/ose-console", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Under investigation", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Under investigation", "package_name": "ocs4/mcg-core-rhel8", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Under investigation", "package_name": "devspaces/dashboard-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Under investigation", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Under investigation", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Under investigation", "package_name": "elliptic", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Under investigation", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2024-08-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-42459\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-42459\nhttps://github.com/indutny/elliptic/pull/317"], "threat_severity": "Moderate"}