Description
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.
Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Advanced Cluster Management for Kubernetes 2 | |||
| acmesolver-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| acm-must-gather-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| acm-operator-bundle-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| application-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| cainjector-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| cert-manager-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| cert-manager-webhook-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| cert-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| clusterlifecycle-state-metrics-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| configmap-watcher-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| config-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| console-api-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| console-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| console-header-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| console-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| endpoint-component-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| endpoint-monitoring-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| endpoint-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| governance-policy-propagator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| governance-policy-spec-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| governance-policy-status-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| governance-policy-template-sync-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| grafana-dashboard-loader-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| grc-ui-api-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| grc-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| iam-policy-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| klusterlet-addon-lease-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| klusterlet-operator-bundle-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| kui-web-terminal-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| management-ingress-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| mcm-topology-api-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| mcm-topology-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| memcached-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| memcached-exporter-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| metrics-collector-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multicloud-manager-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multiclusterhub-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multiclusterhub-repo-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multicluster-observability-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multicluster-operators-application-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multicluster-operators-channel-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multicluster-operators-deployable-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multicluster-operators-placementrule-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multicluster-operators-subscription-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| multicluster-operators-subscription-release-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| observatorium-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| observatorium-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| openshift-hive-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| rbac-query-proxy-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| rcm-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| redisgraph-tls-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| registration-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| registration-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| search-aggregator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| search-api-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| search-collector-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| search-operator-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| search-ui-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| submariner-addon-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| thanos-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| thanos-receive-controller-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
| work-container | cpe:/a:redhat:acm:2.2::el7 | RHEA-2021:0729 | 2021-03-04T00:00:00Z |
No data available yet.
Remediation
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2021-1184 | The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. |
 Github GHSA |
GHSA-rmh2-65xw-9m6q | Infinite Loop in jsonparser |
References
History
Sun, 08 Sep 2024 18:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat
Redhat acm |
|
| CPEs | cpe:/a:redhat:acm:2.2::el7 | |
| Vendors & Products |
Redhat
Redhat acm |
Mon, 19 Aug 2024 22:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:/a:redhat:acm:2.2::el8 |
|
| Vendors & Products |
Redhat
Redhat acm |
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T11:06:10.650Z
Reserved: 2020-03-19T00:00:00.000Z
Link: CVE-2020-10675
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-03-19T14:15:12.287
Modified: 2024-11-21T04:55:49.820
Link: CVE-2020-10675
Redhat
OpenCVE Enrichment
No data.
Weaknesses