{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-21536", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "state": "PUBLISHED", "assignerShortName": "snyk", "dateReserved": "2023-12-22T12:33:20.123Z", "datePublished": "2024-10-19T05:00:04.056Z", "dateUpdated": "2024-10-21T16:31:29.125Z"}, "containers": {"cna": {"metrics": [{"cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"}}], "credits": [{"value": "Marc Hassan", "lang": "en"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Denial of Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-10-21T11:22:36.064Z"}, "descriptions": [{"value": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.", "lang": "en"}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"}, {"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"}, {"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"}, {"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"}], "affected": [{"product": "http-proxy-middleware", "versions": [{"version": "0", "lessThan": "2.0.7", "status": "affected", "versionType": "semver"}, {"version": "3.0.0", "lessThan": "3.0.3", "status": "affected", "versionType": "semver"}], "vendor": "n/a"}]}, "adp": [{"affected": [{"vendor": "chimurai", "product": "http-proxy-middleware", "cpes": ["cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThan": "2.0.7", "versionType": "semver"}, {"version": "3.0.0", "status": "affected", "lessThan": "3.0.3", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-21T15:20:45.568615Z", "id": "CVE-2024-21536", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T16:31:29.125Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-21536", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-21T15:20:45.568615Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*"], "vendor": "chimurai", "product": "http-proxy-middleware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.7", "versionType": "semver"}, {"status": "affected", "version": "3.0.0", "lessThan": "3.0.3", "versionType": "semver"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-21T15:47:24.380Z"}}], "cna": {"credits": [{"lang": "en", "value": "Marc Hassan"}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "n/a", "product": "http-proxy-middleware", "versions": [{"status": "affected", "version": "0", "lessThan": "2.0.7", "versionType": "semver"}, {"status": "affected", "version": "3.0.0", "lessThan": "3.0.3", "versionType": "semver"}]}], "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"}, {"url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"}, {"url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"}, {"url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"}], "descriptions": [{"lang": "en", "value": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths."}], "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-400", "description": "Denial of Service (DoS)"}]}], "providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2024-10-21T11:22:36.064Z"}}}, "cveMetadata": {"cveId": "CVE-2024-21536", "state": "PUBLISHED", "dateUpdated": "2024-10-21T16:31:29.125Z", "dateReserved": "2023-12-22T12:33:20.123Z", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "datePublished": "2024-10-19T05:00:04.056Z", "assignerShortName": "snyk"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A1C31D2C-0CB7-4D28-8658-42632A65F7F3", "versionEndExcluding": "2.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:chimurai:http-proxy-middleware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A89EB4F5-1978-4172-A52D-8504F87E110E", "versionEndExcluding": "3.0.3", "versionStartIncluding": "3.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths."}, {"lang": "es", "value": "Las versiones del paquete http-proxy-middleware anteriores a la 2.0.7, a la 3.0.0 y a la 3.0.3 es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) debido a un error UnhandledPromiseRejection generado por micromatch. Un atacante podr\u00eda matar el proceso Node.js y bloquear el servidor al realizar solicitudes a determinadas rutas."}], "id": "CVE-2024-21536", "lastModified": "2024-11-01T18:03:15.897", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2024-10-19T05:15:13.097", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a"}, {"source": "report@snyk.io", "tags": ["Patch"], "url": "https://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5"}, {"source": "report@snyk.io", "tags": ["Patch"], "url": "https://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22"}, {"source": "report@snyk.io", "tags": ["Third Party Advisory"], "url": "https://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "report@snyk.io", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-server-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:1249", "cpe": "cpe:/o:redhat:discovery:1.0::el9", "package": "discovery/discovery-ui-rhel9:1.12.0-1", "product_name": "Discovery 1 for RHEL 9", "release_date": "2025-02-10T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-collector-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-collector-slim-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3928", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.5::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.5.9-1", "product_name": "Red Hat Advanced Cluster Security 4.5", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-collector-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-collector-slim-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3929", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.6::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.6.5-1", "product_name": "Red Hat Advanced Cluster Security 4.6", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.7.2-2", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-collector-rhel8:4.7.2-2", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.7.2-3", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.7.2-4", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-rhel8-operator:4.7.2-1", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-roxctl-rhel8:4.7.2-1", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.7.2-1", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.7.2-1", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-scanner-rhel8:4.7.2-2", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-scanner-slim-rhel8:4.7.2-1", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-db-rhel8:4.7.2-1", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHSA-2025:3930", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package": "advanced-cluster-security/rhacs-scanner-v4-rhel8:4.7.2-3", "product_name": "Red Hat Advanced Cluster Security 4.7", "release_date": "2025-04-15T00:00:00Z"}, {"advisory": "RHBA-2024:9054", "cpe": "cpe:/a:redhat:rhdh:1.3::el9", "package": "rhdh/rhdh-hub-rhel9:1.3-124", "product_name": "Red Hat Developer Hub 1.3 on RHEL 9", "release_date": "2024-11-11T00:00:00Z"}, {"advisory": "RHSA-2025:8510", "cpe": "cpe:/a:redhat:rhmt:1.8::el8", "package": "rhmtc/openshift-migration-ui-rhel8:v1.8.7-2", "product_name": "Red Hat Migration Toolkit for Containers 1.8", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2024:9627", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/grafana-rhel8:2.6.3-2", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9627", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-cni-rhel8:2.6.3-4", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9627", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-must-gather-rhel8:2.6.3-3", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9627", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/istio-rhel8-operator:2.6.3-5", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9627", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/kiali-rhel8-operator:1.89.7-1", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9627", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/pilot-rhel8:2.6.3-4", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9627", "cpe": "cpe:/a:redhat:service_mesh:2.6::el8", "package": "openshift-service-mesh/ratelimit-rhel8:2.6.3-4", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 8", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2024:9627", "cpe": "cpe:/a:redhat:service_mesh:2.6::el9", "package": "openshift-service-mesh/proxyv2-rhel9:2.6.3-6", "product_name": "Red Hat OpenShift Service Mesh 2.6 for RHEL 9", "release_date": "2024-11-14T00:00:00Z"}, {"advisory": "RHSA-2025:8551", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/ocs-client-console-rhel9:v4.14.18-2", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8551", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/odf-console-rhel9:v4.14.18-3", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8551", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.14::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.14.18-2", "product_name": "RHODF-4.14-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8544", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/ocs-client-console-rhel9:v4.15.14-2", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8544", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-console-rhel9:v4.15.14-2", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8544", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.15::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.15.14-2", "product_name": "RHODF-4.15-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8479", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/ocs-client-console-rhel9:v4.16.10-4", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8479", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-console-rhel9:v4.16.10-4", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8479", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.16::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.16.10-3", "product_name": "RHODF-4.16-RHEL-9", "release_date": "2025-06-04T00:00:00Z"}, {"advisory": "RHSA-2025:8059", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package": "odf4/ocs-client-console-rhel9:v4.17.7-2", "product_name": "RHODF-4.17-RHEL-9", "release_date": "2025-05-21T00:00:00Z"}, {"advisory": "RHSA-2025:8059", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package": "odf4/odf-console-rhel9:v4.17.7-2", "product_name": "RHODF-4.17-RHEL-9", "release_date": "2025-05-21T00:00:00Z"}, {"advisory": "RHSA-2025:8059", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.17::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.17.7-2", "product_name": "RHODF-4.17-RHEL-9", "release_date": "2025-05-21T00:00:00Z"}, {"advisory": "RHSA-2025:4511", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package": "odf4/ocs-client-console-rhel9:v4.18.2-8", "product_name": "RHODF-4.18-RHEL-9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4511", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package": "odf4/odf-console-rhel9:v4.18.2-7", "product_name": "RHODF-4.18-RHEL-9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHSA-2025:4511", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.18::el9", "package": "odf4/odf-multicluster-console-rhel9:v4.18.2-8", "product_name": "RHODF-4.18-RHEL-9", "release_date": "2025-05-06T00:00:00Z"}, {"advisory": "RHBA-2024:11265", "cpe": "cpe:/a:redhat:rhdh:1.4::el9", "package": "registry.redhat.io/rhdh/rhdh-hub-rhel9:sha256:48edcf6f736e17f33d3630ce2fddc19e95316b7824a7af24e9f0df48ac4f4fe3", "product_name": "Red Hat Developer Hub (RHDH) 1.4", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:10917", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8", "package": "registry.redhat.io/rhosdt/jaeger-query-rhel8:sha256:648d95c1a6736055910cd901c7e80d82d0e8bad71531373293144d0d6682b994", "product_name": "Red Hat OpenShift distributed tracing 3.4", "release_date": "2024-12-10T00:00:00Z"}, {"advisory": "RHSA-2024:10962", "cpe": "cpe:/a:redhat:openshift_distributed_tracing:3.4::el8", "package": "registry.redhat.io/rhosdt/jaeger-query-rhel8:sha256:8d0e9eb0894de1289dfa9556cf9411874df3111f3e84471256de6b2d75ecd829", "product_name": "Red Hat OpenShift distributed tracing 3.4", "release_date": "2024-12-11T00:00:00Z"}, {"advisory": "RHSA-2024:11255", "cpe": "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", "package": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9:sha256:8c6e51e26ca9a1d4d4fc9e90650103e60360cf0571533c56fbd08dac3007efbe", "product_name": "Red Hat Trusted Profile Analyzer 1.2", "release_date": "2024-12-17T00:00:00Z"}, {"advisory": "RHSA-2024:11256", "cpe": "cpe:/a:redhat:trusted_profile_analyzer:1.2::el9", "package": "registry.redhat.io/rhtpa/rhtpa-guac-rhel9:sha256:9cc0e1374aa5e6ff8caf86d9bbd6f9c2dfa14d812ad99ae653a2fbb8ec124f30", "product_name": "Red Hat Trusted Profile Analyzer 1.2", "release_date": "2024-12-17T00:00:00Z"}], "bugzilla": {"description": "http-proxy-middleware: Denial of Service", "id": "2319884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2319884"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-400", "details": ["Versions of the package http-proxy-middleware before 2.0.7, from 3.0.0 and before 3.0.3 are vulnerable to Denial of Service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. An attacker could kill the Node.js process and crash the server by making requests to certain paths.", "A flaw was found in the http-proxy-middleware package. Affected versions of this package are vulnerable to denial of service (DoS) due to an UnhandledPromiseRejection error thrown by micromatch. This flaw allows an attacker to kill the Node.js process and crash the server by requesting certain paths."], "mitigation": {"lang": "en:us", "value": "Red Hat Product Security does not have any mitigation recommendations at this time."}, "name": "CVE-2024-21536", "package_state": [{"cpe": "cpe:/a:redhat:cryostat:3", "fix_state": "Affected", "package_name": "io.cryostat-cryostat3", "product_name": "Cryostat 3"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/kibana6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Will not fix", "package_name": "openshift-logging/logging-view-plugin-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Will not fix", "package_name": "mta/mta-cli-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:7", "fix_state": "Will not fix", "package_name": "mta/mta-ui-rhel9", "product_name": "Migration Toolkit for Applications 7"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Affected", "package_name": "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:multicluster_engine", "fix_state": "Not affected", "package_name": "multicluster-engine/console-mce-rhel8", "product_name": "Multicluster Engine for Kubernetes"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Will not fix", "package_name": "workload-availability/node-remediation-console-rhel8", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed-beta/lightspeed-console-plugin-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Affected", "package_name": "openshift-lightspeed-tech-preview/lightspeed-console-plugin-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-console-plugin-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Will not fix", "package_name": "openshift-pipelines/pipelines-hub-api-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Will not fix", "package_name": "openshift-pipelines/pipelines-hub-db-migration-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Affected", "package_name": "openshift-pipelines/pipelines-hub-ui-rhel8", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "org.kie.kogito-kogito-apps", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Affected", "package_name": "openshift-service-mesh/kiali-rhel8", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Affected", "package_name": "3scale-amp-system-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/console-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "aap-cloud-ui-container", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "ansible-automation-platform-25/lightspeed-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "automation-eda-controller", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Affected", "package_name": "automation-gateway", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:apache_camel_hawtio:4", "fix_state": "Affected", "package_name": "io.hawt-project", "product_name": "Red Hat build of Apache Camel - HawtIO 4"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Affected", "package_name": "io.apicurio-apicurio-registry", "product_name": "Red Hat build of Apicurio Registry 2"}, {"cpe": "cpe:/a:redhat:optaplanner:::el6", "fix_state": "Will not fix", "package_name": "org.optaweb.vehiclerouting-optaweb-vehicle-routing", "product_name": "Red Hat build of OptaPlanner 8"}, {"cpe": "cpe:/a:redhat:connectivity_link:1", "fix_state": "Affected", "package_name": "rhcl-console-plugin-container", "product_name": "Red Hat Connectivity Link 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:8", "fix_state": "Will not fix", "package_name": "org.infinispan-infinispan-console", "product_name": "Red Hat Data Grid 8"}, {"cpe": "cpe:/a:redhat:rhdh:1", "fix_state": "Not affected", "package_name": "rhdh-operator-container", "product_name": "Red Hat Developer Hub"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "pcs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "io.apicurio-apicurito", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "io.syndesis-syndesis-parent", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "io.syndesis-syndesis-ui", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Will not fix", "package_name": "io.apicurio-apicurio-registry", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Affected", "package_name": "org.infinispan-infinispan-management-console", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "odh-dashboard-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Will not fix", "package_name": "odh-operator-container", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/nmstate-console-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-console", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-monitoring-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "openshift4/ose-networking-console-plugin-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-dashboard-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-operator-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Will not fix", "package_name": "rhods/odh-rhel8-operator", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Not affected", "package_name": "devspaces/traefik-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/jaeger-all-in-one-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/jaeger-collector-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/jaeger-es-index-cleaner-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Will not fix", "package_name": "rhosdt/jaeger-es-rollover-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Will not fix", "package_name": "rhosdt/jaeger-ingester-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:3", "fix_state": "Affected", "package_name": "rhosdt/jaeger-query-rhel8", "product_name": "Red Hat OpenShift distributed tracing 3"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/argocd-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-1/argo-rollouts-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/console-plugin-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-argocd-rhel9-container", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/kubevirt-console-plugin", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Will not fix", "package_name": "container-native-virtualization/kubevirt-console-plugin-rhel9", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "org.uberfire-uberfire-parent", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2024-10-19T05:00:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-21536\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-21536\nhttps://gist.github.com/mhassan1/28be67266d82a53708ed59ce5dc3c94a\nhttps://github.com/chimurai/http-proxy-middleware/commit/0b4274e8cc9e9a2c5a06f35fbf456ccfcebc55a5\nhttps://github.com/chimurai/http-proxy-middleware/commit/788b21e4aff38332d6319557d4a5b1b13b1f9a22\nhttps://security.snyk.io/vuln/SNYK-JS-HTTPPROXYMIDDLEWARE-8229906"], "threat_severity": "Moderate"}