Show plain JSON{"affected_release": [{"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-db-rhel8:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-grafana-dashboard-rhel8:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-operator-bundle:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-ose-oauth-proxy-rhel8:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-reports-rhel8:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-rhel8:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-rhel8-operator:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/cryostat-storage-rhel8:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:7706", "cpe": "cpe:/a:redhat:cryostat:3::el8", "package": "cryostat-tech-preview/jfr-datasource-rhel8:3.0.1-3", "product_name": "Cryostat 3 on RHEL 8", "release_date": "2024-10-07T00:00:00Z"}, {"advisory": "RHSA-2024:8014", "cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9", "package": "network-observability/network-observability-cli-rhel9:v1.7.0-67", "product_name": "NETWORK-OBSERVABILITY-1.7.0-RHEL-9", "release_date": "2024-10-22T00:00:00Z"}, {"advisory": "RHSA-2024:8014", "cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9", "package": "network-observability/network-observability-console-plugin-rhel9:v1.7.0-67", "product_name": "NETWORK-OBSERVABILITY-1.7.0-RHEL-9", "release_date": "2024-10-22T00:00:00Z"}, {"advisory": "RHSA-2024:8014", "cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9", "package": "network-observability/network-observability-ebpf-agent-rhel9:v1.7.0-67", "product_name": "NETWORK-OBSERVABILITY-1.7.0-RHEL-9", "release_date": "2024-10-22T00:00:00Z"}, {"advisory": "RHSA-2024:8014", "cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9", "package": "network-observability/network-observability-flowlogs-pipeline-rhel9:v1.7.0-67", "product_name": "NETWORK-OBSERVABILITY-1.7.0-RHEL-9", "release_date": "2024-10-22T00:00:00Z"}, {"advisory": "RHSA-2024:8014", "cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9", "package": "network-observability/network-observability-operator-bundle:1.7.0-86", "product_name": "NETWORK-OBSERVABILITY-1.7.0-RHEL-9", "release_date": "2024-10-22T00:00:00Z"}, {"advisory": "RHSA-2024:8014", "cpe": "cpe:/a:redhat:network_observ_optr:1.7.0::el9", "package": "network-observability/network-observability-rhel9-operator:v1.7.0-67", "product_name": "NETWORK-OBSERVABILITY-1.7.0-RHEL-9", "release_date": "2024-10-22T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-cluster-permission-rhel9:v2.11.4-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-governance-policy-addon-controller-rhel9:v2.11.4-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-governance-policy-framework-addon-rhel9:v2.11.4-13", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-grafana-rhel9:v2.11.4-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-must-gather-rhel9:v2.11.4-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-operator-bundle:v2.11.4-47", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-prometheus-config-reloader-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-prometheus-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-search-indexer-rhel9:v2.11.4-10", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-search-v2-api-rhel9:v2.11.4-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-search-v2-rhel9:v2.11.4-11", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/acm-volsync-addon-controller-rhel9:v2.11.4-22", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/cert-policy-controller-rhel9:v2.11.4-12", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/cluster-backup-rhel9-operator:v2.11.4-25", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/config-policy-controller-rhel9:v2.11.4-15", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/console-rhel9:v2.11.4-17", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/endpoint-monitoring-rhel9-operator:v2.11.4-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/governance-policy-propagator-rhel9:v2.11.4-13", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/grafana-dashboard-loader-rhel9:v2.11.4-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/insights-client-rhel9:v2.11.4-10", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/insights-metrics-rhel9:v2.11.4-11", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/klusterlet-addon-controller-rhel9:v2.11.4-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/kube-rbac-proxy-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/kube-state-metrics-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/memcached-exporter-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/memcached-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/metrics-collector-rhel9:v2.11.4-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/multicloud-integrations-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/multiclusterhub-rhel9:v2.11.4-16", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/multicluster-observability-rhel9-operator:v2.11.4-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/multicluster-operators-application-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/multicluster-operators-channel-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/multicluster-operators-subscription-rhel9:v2.11.4-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/node-exporter-rhel9:v2.11.4-4", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/observatorium-rhel9:v2.11.4-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/observatorium-rhel9-operator:v2.11.4-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/prometheus-alertmanager-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/prometheus-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/rbac-query-proxy-rhel9:v2.11.4-6", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/search-collector-rhel9:v2.11.4-10", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/submariner-addon-rhel9:v2.11.4-17", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/thanos-receive-controller-rhel9:v2.11.4-3", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:11381", "cpe": "cpe:/a:redhat:acm:2.11::el9", "package": "rhacm2/thanos-rhel9:v2.11.4-5", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2.11 for RHEL 9", "release_date": "2024-12-18T00:00:00Z"}, {"advisory": "RHSA-2024:10762", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el8", "package": "automation-controller-0:4.5.13-1.el8ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 8", "release_date": "2024-12-03T00:00:00Z"}, {"advisory": "RHSA-2024:10762", "cpe": "cpe:/a:redhat:ansible_automation_platform:2.4::el9", "package": "automation-controller-0:4.5.13-1.el9ap", "product_name": "Red Hat Ansible Automation Platform 2.4 for RHEL 9", "release_date": "2024-12-03T00:00:00Z"}, {"advisory": "RHSA-2025:0892", "cpe": "cpe:/a:redhat:openshift_devspaces:3::el9", "package": "devspaces/code-rhel9:3.18-6", "product_name": "Red Hat OpenShift Dev Spaces 3 Containers", "release_date": "2025-02-03T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-operator-bundle:v5.9.7-11", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/cluster-logging-rhel9-operator:v5.9.7-6", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/eventrouter-rhel9:v0.4.0-301", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/fluentd-rhel9:v5.9.7-3", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/log-file-metric-exporter-rhel9:v1.1.0-282", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-loki-rhel9:v3.1.1-10", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/logging-view-plugin-rhel9:v5.9.7-5", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-operator-bundle:v5.9.7-16", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/loki-rhel9-operator:v5.9.7-7", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/lokistack-gateway-rhel9:v0.1.0-653", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/opa-openshift-rhel9:v0.1.0-288", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7324", "cpe": "cpe:/a:redhat:logging:5.9::el9", "package": "openshift-logging/vector-rhel9:v0.34.1-19", "product_name": "RHOL-5.9-RHEL-9", "release_date": "2024-10-02T00:00:00Z"}], "bugzilla": {"description": "dompurify: XSS vulnerability via prototype pollution", "id": "2312631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312631"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L", "status": "verified"}, "cwe": "CWE-1333", "details": ["DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It has been discovered that malicious HTML using special nesting techniques can bypass the depth checking added to DOMPurify in recent releases. It was also possible to use Prototype Pollution to weaken the depth check. This renders dompurify unable to avoid cross site scripting (XSS) attacks. This issue has been addressed in versions 2.5.4 and 3.1.3 of DOMPurify. All users are advised to upgrade. There are no known workarounds for this vulnerability.", "A flaw was found in DOMPurify. This issue may allow an attacker to use specially-crafted HTML to bypass the depth checking or use Prototype Pollution to weaken the depth check, which can lead to cross site scripting (XSS) attacks."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-45801", "package_state": [{"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Will not fix", "package_name": "workload-availability/node-remediation-console-rhel8", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-central-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-rhel8-operator", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-roxctl-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-v4-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-eda-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "dompurify", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "odh-dashboard-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Not affected", "package_name": "odh-operator-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-networking-console-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Affected", "package_name": "rhods/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-operator-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-rhel8-operator", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/console-plugin-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/gitops-operator-bundle", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-argocd-rhel9-container", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Will not fix", "package_name": "dompurify", "product_name": "Red Hat Process Automation 7"}], "public_date": "2024-09-16T19:16:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-45801\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-45801\nhttps://github.com/cure53/DOMPurify/commit/1e520262bf4c66b5efda49e2316d6d1246ca7b21\nhttps://github.com/cure53/DOMPurify/commit/26e1d69ca7f769f5c558619d644d90dd8bf26ebc\nhttps://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674"], "statement": "The vulnerability in DOMPurify, while significant, is categorized as moderate severity rather than important due to its specific conditions for exploitation. The issue requires not only a sophisticated nesting technique to bypass the depth checks but also the ability to leverage Prototype Pollution to weaken these protections. This makes the attack scenario relatively complex and less likely to be encountered in general use cases. Furthermore, the flaw impacts only certain configurations and usage patterns, thus reducing its immediate risk.", "threat_severity": "Moderate"}