RHSA-2021:3459MediumCVSS 7.2
Red Hat Security Advisory: Red Hat Virtualization Host security and bug fix update [ovirt-4.4.8]
🔗 CVE IDs covered (2)
📋 Description
CVE-2020-28500 — nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions CVE-2021-23337 — nodejs-lodash: command injection via template
🔗 References (9)
- selfhttps://access.redhat.com/errata/RHSA-2021:3459
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1928937
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1928954
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1948177
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1959436
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1984209
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1998017
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_3459.json