{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for crowbar-openstack, grafana, influxdb, python-urllib3","title":"Title of the patch"},{"category":"description","text":"This update for crowbar-openstack, grafana, influxdb, python-urllib3 contains the following fixes:\n\nSecurity fixes included in this update:\n\nopenstack-glance\n- CVE-2016-8611: Added rate limiting for glance api (bnc#1005886)\n\ngrafana\n- CVE-2020-24303: Fixed an XSS via a query alias for the ElasticSearch datasource (#bnc#1178243)\n\ninfluxdb\n- CVE-2019-20933: Fixed an authentication bypass (bnc#1178988)\n\npython-urlib3\n- CVE-2019-9740: Fixed a CRLF injection in urllib3 (bnc#1129071).\n- CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bnc#1177120)\n\nmemcached\n- CVE-2018-1000115: Fixed a issue where a UDP server allowed spoofed traffic amplification DoS (bnc#1083903).\n\nNon-security fixes included in this update:\n\nChanges in crowbar-openstack:\n- Update to version 4.0+git.1604938545.30c10db18:\n  * rabbitmq: Fix crm running check (SOC-11240)\n\nChanges in grafana:\n- Fix bnc#1178243 CVE-2020-24303 by adding\n  25401-Fix-XSS-vulnerability-with-series-overrides.patch\n\nChanges in influxdb:\n- Add CVE-2019-20933.patch (bnc#1178988, CVE-2019-20933) to\n  fix authentication bypass_\n- Declare license files correctly\n\n- Version 1.2.4:\n  * The stress tool influx_stress will be removed in a subsequent\n    release.\n  * Remove the override of GOMAXPROCS.\n  * Uncomment section headers from the default configuration file.\n  * Improve write performance significantly.\n  * Prune data in meta store for deleted shards.\n  * Update latest dependencies with Godeps.\n  * Introduce syntax for marking a partial response with chunking.\n  * Use X-Forwarded-For IP address in HTTP logger if present.\n  * Add support for secure transmission via collectd.\n  * Switch logging to use structured logging everywhere.\n  * [CLI feature request] USE retention policy for queries.\n  * Add clear command to cli.\n  * Adding ability to use parameters in queries in the v2 client\n    using the Parameters map in the Query struct.\n  * Allow add items to array config via ENV\n  * Support subquery execution in the query language.\n  * Verbose output for SSL connection errors.\n  * Cache snapshotting performance improvements\n\n- Partially revert previous change to fix build for Leap\n\nChanges in python-urllib3:\n- Update urllib3-fix-test-urls.patch. Adjust to match upstream solution.\n\n- Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for\n  CVE-2019-9740.\n\n- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request\n  method. (bnc#1177120, CVE-2020-26137)\n\n  ","title":"Description of the patch"},{"category":"details","text":"SUSE-2020-3624,SUSE-OpenStack-Cloud-7-2020-3624","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3624-1.json"},{"category":"self","summary":"URL for SUSE-SU-2020:3624-1","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20203624-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2020:3624-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2020-December/007916.html"},{"category":"self","summary":"SUSE Bug 1005886","url":"https://bugzilla.suse.com/1005886"},{"category":"self","summary":"SUSE Bug 1170479","url":"https://bugzilla.suse.com/1170479"},{"category":"self","summary":"SUSE Bug 1177120","url":"https://bugzilla.suse.com/1177120"},{"category":"self","summary":"SUSE Bug 1178243","url":"https://bugzilla.suse.com/1178243"},{"category":"self","summary":"SUSE Bug 1178988","url":"https://bugzilla.suse.com/1178988"},{"category":"self","summary":"SUSE CVE CVE-2016-8611 page","url":"https://www.suse.com/security/cve/CVE-2016-8611/"},{"category":"self","summary":"SUSE CVE CVE-2019-20933 page","url":"https://www.suse.com/security/cve/CVE-2019-20933/"},{"category":"self","summary":"SUSE CVE CVE-2019-9740 page","url":"https://www.suse.com/security/cve/CVE-2019-9740/"},{"category":"self","summary":"SUSE CVE CVE-2020-24303 page","url":"https://www.suse.com/security/cve/CVE-2020-24303/"},{"category":"self","summary":"SUSE CVE CVE-2020-26137 page","url":"https://www.suse.com/security/cve/CVE-2020-26137/"}],"title":"Security update for crowbar-openstack, grafana, influxdb, python-urllib3","tracking":{"current_release_date":"2020-12-04T11:50:23Z","generator":{"date":"2020-12-04T11:50:23Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2020:3624-1","initial_release_date":"2020-12-04T11:50:23Z","revision_history":[{"date":"2020-12-04T11:50:23Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"grafana-6.7.4-1.20.1.aarch64","product":{"name":"grafana-6.7.4-1.20.1.aarch64","product_id":"grafana-6.7.4-1.20.1.aarch64"}},{"category":"product_version","name":"influxdb-1.2.4-5.1.aarch64","product":{"name":"influxdb-1.2.4-5.1.aarch64","product_id":"influxdb-1.2.4-5.1.aarch64"}},{"category":"product_version","name":"influxdb-devel-1.2.4-5.1.aarch64","product":{"name":"influxdb-devel-1.2.4-5.1.aarch64","product_id":"influxdb-devel-1.2.4-5.1.aarch64"}}],"category":"architecture","name":"aarch64"},{"branches":[{"category":"product_version","name":"crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","product":{"name":"crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","product_id":"crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch"}},{"category":"product_version","name":"python-urllib3-1.16-3.12.1.noarch","product":{"name":"python-urllib3-1.16-3.12.1.noarch","product_id":"python-urllib3-1.16-3.12.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_version","name":"grafana-6.7.4-1.20.1.ppc64le","product":{"name":"grafana-6.7.4-1.20.1.ppc64le","product_id":"grafana-6.7.4-1.20.1.ppc64le"}},{"category":"product_version","name":"influxdb-1.2.4-5.1.ppc64le","product":{"name":"influxdb-1.2.4-5.1.ppc64le","product_id":"influxdb-1.2.4-5.1.ppc64le"}},{"category":"product_version","name":"influxdb-devel-1.2.4-5.1.ppc64le","product":{"name":"influxdb-devel-1.2.4-5.1.ppc64le","product_id":"influxdb-devel-1.2.4-5.1.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"grafana-6.7.4-1.20.1.s390x","product":{"name":"grafana-6.7.4-1.20.1.s390x","product_id":"grafana-6.7.4-1.20.1.s390x"}},{"category":"product_version","name":"influxdb-1.2.4-5.1.s390x","product":{"name":"influxdb-1.2.4-5.1.s390x","product_id":"influxdb-1.2.4-5.1.s390x"}},{"category":"product_version","name":"influxdb-devel-1.2.4-5.1.s390x","product":{"name":"influxdb-devel-1.2.4-5.1.s390x","product_id":"influxdb-devel-1.2.4-5.1.s390x"}}],"category":"architecture","name":"s390x"},{"branches":[{"category":"product_version","name":"grafana-6.7.4-1.20.1.x86_64","product":{"name":"grafana-6.7.4-1.20.1.x86_64","product_id":"grafana-6.7.4-1.20.1.x86_64"}},{"category":"product_version","name":"influxdb-1.2.4-5.1.x86_64","product":{"name":"influxdb-1.2.4-5.1.x86_64","product_id":"influxdb-1.2.4-5.1.x86_64"}},{"category":"product_version","name":"influxdb-devel-1.2.4-5.1.x86_64","product":{"name":"influxdb-devel-1.2.4-5.1.x86_64","product_id":"influxdb-devel-1.2.4-5.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE OpenStack Cloud 7","product":{"name":"SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7","product_identification_helper":{"cpe":"cpe:/o:suse:suse-openstack-cloud:7"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch"},"product_reference":"crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","relates_to_product_reference":"SUSE OpenStack Cloud 7"},{"category":"default_component_of","full_product_name":{"name":"grafana-6.7.4-1.20.1.x86_64 as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64"},"product_reference":"grafana-6.7.4-1.20.1.x86_64","relates_to_product_reference":"SUSE OpenStack Cloud 7"},{"category":"default_component_of","full_product_name":{"name":"influxdb-1.2.4-5.1.x86_64 as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64"},"product_reference":"influxdb-1.2.4-5.1.x86_64","relates_to_product_reference":"SUSE OpenStack Cloud 7"},{"category":"default_component_of","full_product_name":{"name":"python-urllib3-1.16-3.12.1.noarch as component of SUSE OpenStack Cloud 7","product_id":"SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"},"product_reference":"python-urllib3-1.16-3.12.1.noarch","relates_to_product_reference":"SUSE OpenStack Cloud 7"}]},"vulnerabilities":[{"cve":"CVE-2016-8611","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-8611"}],"notes":[{"category":"general","text":"A vulnerability was found in Openstack Glance. No limits are enforced within the Glance image service for both v1 and v2 `/images` API POST method for authenticated users, resulting in possible denial of service attacks through database table saturation.","title":"CVE description"}],"product_status":{"recommended":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2016-8611","url":"https://www.suse.com/security/cve/CVE-2016-8611"},{"category":"external","summary":"SUSE Bug 1005886 for CVE-2016-8611","url":"https://bugzilla.suse.com/1005886"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","version":"3.0"},"products":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"threats":[{"category":"impact","date":"2020-12-04T11:50:23Z","details":"low"}],"title":"CVE-2016-8611"},{"cve":"CVE-2019-20933","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-20933"}],"notes":[{"category":"general","text":"InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).","title":"CVE description"}],"product_status":{"recommended":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2019-20933","url":"https://www.suse.com/security/cve/CVE-2019-20933"},{"category":"external","summary":"SUSE Bug 1178988 for CVE-2019-20933","url":"https://bugzilla.suse.com/1178988"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":7.5,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","version":"3.1"},"products":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"threats":[{"category":"impact","date":"2020-12-04T11:50:23Z","details":"important"}],"title":"CVE-2019-20933"},{"cve":"CVE-2019-9740","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2019-9740"}],"notes":[{"category":"general","text":"An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \\r\\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.","title":"CVE description"}],"product_status":{"recommended":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2019-9740","url":"https://www.suse.com/security/cve/CVE-2019-9740"},{"category":"external","summary":"SUSE Bug 1129071 for CVE-2019-9740","url":"https://bugzilla.suse.com/1129071"},{"category":"external","summary":"SUSE Bug 1130840 for CVE-2019-9740","url":"https://bugzilla.suse.com/1130840"},{"category":"external","summary":"SUSE Bug 1132663 for CVE-2019-9740","url":"https://bugzilla.suse.com/1132663"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N","version":"3.0"},"products":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"threats":[{"category":"impact","date":"2020-12-04T11:50:23Z","details":"moderate"}],"title":"CVE-2019-9740"},{"cve":"CVE-2020-24303","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-24303"}],"notes":[{"category":"general","text":"Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.","title":"CVE description"}],"product_status":{"recommended":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2020-24303","url":"https://www.suse.com/security/cve/CVE-2020-24303"},{"category":"external","summary":"SUSE Bug 1178243 for CVE-2020-24303","url":"https://bugzilla.suse.com/1178243"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"products":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"threats":[{"category":"impact","date":"2020-12-04T11:50:23Z","details":"moderate"}],"title":"CVE-2020-24303"},{"cve":"CVE-2020-26137","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2020-26137"}],"notes":[{"category":"general","text":"urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.","title":"CVE description"}],"product_status":{"recommended":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]},"references":[{"category":"external","summary":"CVE-2020-26137","url":"https://www.suse.com/security/cve/CVE-2020-26137"},{"category":"external","summary":"SUSE Bug 1177120 for CVE-2020-26137","url":"https://bugzilla.suse.com/1177120"},{"category":"external","summary":"SUSE Bug 1177211 for CVE-2020-26137","url":"https://bugzilla.suse.com/1177211"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","version":"3.1"},"products":["SUSE OpenStack Cloud 7:crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1.noarch","SUSE OpenStack Cloud 7:grafana-6.7.4-1.20.1.x86_64","SUSE OpenStack Cloud 7:influxdb-1.2.4-5.1.x86_64","SUSE OpenStack Cloud 7:python-urllib3-1.16-3.12.1.noarch"]}],"threats":[{"category":"impact","date":"2020-12-04T11:50:23Z","details":"moderate"}],"title":"CVE-2020-26137"}]}