Upgrade Amazon-Linux:2018.03 jasper-debuginfo to version 0:1.900.1-21.9.amzn1 or higher. This issue was patched in ALAS-2017-836 .

servicemesh-grafana-prometheus vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the servicemesh-grafana-prometheus package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Open Redirect	<0:6.4.3-13.el8
C Improperly Implemented Security Check for Standard	<0:6.2.2-25.el8
C Improper Access Control	<0:6.2.2-25.el8
C Incorrect Calculation of Buffer Size	<0:6.2.2-25.el8
M Improper Input Validation	*
M Resource Exhaustion	*
H Resource Exhaustion	<0:6.4.3-2.el8
H Incorrect Regular Expression	<0:6.4.3-2.el8
H Cross-site Scripting (XSS)	<0:6.4.3-11.el8
M Improper Input Validation	<0:6.2.2-36.el8
M Resource Exhaustion	*
M Resource Exhaustion	*
M Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
M Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
H Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
H Improper Input Validation	<0:6.2.2-38.el8
H Improper Input Validation	<0:6.4.3-11.el8
H Deserialization of Untrusted Data	<0:6.2.2-38.el8
H Deserialization of Untrusted Data	<0:6.4.3-11.el8
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
L Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M NULL Pointer Dereference	*
M NULL Pointer Dereference	*
M Uncontrolled Recursion	*
M Uncontrolled Recursion	*
M OS Command Injection	*
M OS Command Injection	*
M OS Command Injection	*
M Missing Authorization	*
L Integer Overflow or Wraparound	*
L Integer Overflow or Wraparound	*
M Resource Exhaustion	*
M Improper Verification of Cryptographic Signature	*
M Improper Verification of Cryptographic Signature	*
M Improper Check for Dropped Privileges	*
M Integer Overflow or Wraparound	*
M Integer Overflow or Wraparound	*
L Arbitrary Code Injection	*
L Arbitrary Code Injection	*
H Improper Validation of Array Index	*
M Resource Exhaustion	*
M Improper Input Validation	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
M Access of Resource Using Incompatible Type ('Type Confusion')	*
H Authorization Bypass Through User-Controlled Key	*
H Authorization Bypass Through User-Controlled Key	*
M Authorization Bypass Through User-Controlled Key	*
M Resource Exhaustion	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M OS Command Injection	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
L Resource Exhaustion	*
L Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
L Resource Exhaustion	*
L Resource Exhaustion	*
M Improper Input Validation	<0:6.4.3-13.el8
M Improper Input Validation	*
M Improper Input Validation	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
H Resource Exhaustion	<0:6.4.3-11.el8
H Resource Exhaustion	<0:6.2.2-38.el8
M External Control of Assumed-Immutable Web Parameter	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Incorrect Implementation of Authentication Algorithm	*
M Information Exposure	*
M Inefficient Regular Expression Complexity	*
M Resource Exhaustion	*
M Authentication Bypass	*
M Inefficient Regular Expression Complexity	*
M Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	*
M Inefficient Regular Expression Complexity	*
H Cross-site Scripting (XSS)	*
H Improper Authentication	*
H Resource Exhaustion	*
M Open Redirect	*
L Insufficient Entropy	*
M Improper Privilege Management	*
H Time-of-check Time-of-use (TOCTOU)	*
M Overly Restrictive Regular Expression	*
M Overly Restrictive Regular Expression	*
M Allocation of Resources Without Limits or Throttling	*
M Integer Overflow or Wraparound	*
M Buffer Overflow	*
M Directory Traversal	*
M Missing Release of Resource after Effective Lifetime	*
M Cleartext Storage of Sensitive Information	*
M Resource Exhaustion	*
M Information Exposure	*
M Unchecked Return Value	*
M Incorrect Authorization	*
M Integer Overflow or Wraparound	*
M Incorrect Authorization	*
M Cross-site Scripting (XSS)	*
M Cross-site Request Forgery (CSRF)	*
M Information Exposure	*
M Open Redirect	*
L Directory Traversal	*
L Directory Traversal	*
M Information Exposure	*
H Resource Exhaustion	*
M Improper Input Validation	*
H Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
M Improper Input Validation	*
L Cross-site Scripting (XSS)	*
L Cross-site Scripting (XSS)	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Resource Exhaustion	*
M Authorization Bypass Through User-Controlled Key	*
H Authorization Bypass Through User-Controlled Key	*
M Authorization Bypass Through User-Controlled Key	*
M Resource Exhaustion	*
M Link Following	*
M Link Following	*
M Race Condition	*
M Directory Traversal	*
M Directory Traversal	*
M Improper Input Validation	*
M Resource Exhaustion	*
M Improper Input Validation	*
M Improper Input Validation	*
L Resource Exhaustion	*
L Resource Exhaustion	*
L Resource Exhaustion	*
C Misinterpretation of Input	*
L Misinterpretation of Input	*
L Misinterpretation of Input	*
L Cross-site Scripting (XSS)	*
L Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
L Modification of Assumed-Immutable Data (MAID)	*
L Modification of Assumed-Immutable Data (MAID)	*
M Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
L Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
L Improperly Controlled Modification of Dynamically-Determined Object Attributes	*
L Arbitrary Argument Injection	*
L Arbitrary Argument Injection	*
L Cross-site Scripting (XSS)	*
L Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
M Cross-site Scripting (XSS)	*
L Incorrect Permission Assignment for Critical Resource	*
L Incorrect Permission Assignment for Critical Resource	*
H Cross-site Scripting (XSS)	<0:6.2.2-38.el8
H Cross-site Scripting (XSS)	<0:6.4.3-11.el8
H Cross-site Scripting (XSS)	<0:6.4.3-11.el8
H Cross-site Scripting (XSS)	<0:6.2.2-38.el8
M Incorrect Permission Assignment for Critical Resource	<0:6.2.2-36.el8
H Cross-site Scripting (XSS)	<0:6.4.3-11.el8
H Cross-site Scripting (XSS)	<0:6.2.2-38.el8
L Modification of Assumed-Immutable Data (MAID)	*
L Modification of Assumed-Immutable Data (MAID)	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:6.4.3-13.el8
M Improper Input Validation	<0:6.2.2-36.el8
H Server-Side Request Forgery (SSRF)	<0:6.2.2-38.el8
H Server-Side Request Forgery (SSRF)	<0:6.4.3-11.el8
M Incorrect Calculation	*
M Incorrect Calculation	*
M Incorrect Calculation	*
M Cross-site Scripting (XSS)	<0:6.4.3-13.el8
M Cross-site Scripting (XSS)	<0:6.2.2-36.el8
M Improper Certificate Validation	*
M Improper Certificate Validation	*
M Improper Certificate Validation	*
L Race Condition	<0:6.4.3-19.el8
L Loop with Unreachable Exit Condition ('Infinite Loop')	<0:6.4.3-19.el8
H Resource Exhaustion	<0:6.2.2-21.el8
H Resource Exhaustion	<0:6.2.2-21.el8
M Resource Exhaustion	*
M Improper Input Validation	*
M Arbitrary Code Injection	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Arbitrary Code Injection	*
M Missing Authorization	*
L Missing Authorization	*
L Missing Authorization	*
M Allocation of Resources Without Limits or Throttling	*
M Resource Exhaustion	*
M Improper Handling of Length Parameter Inconsistency	<0:6.4.3-13.el8
M Resource Exhaustion	*
M Improper Input Validation	*

servicemesh-grafana-prometheus vulnerabilities

Direct Vulnerabilities

How to fix?