{"id":"RLSA-2022:0290","summary":"Important: parfait:0.5 security update","details":"Parfait is a Java performance monitoring library that collects metrics and exposes them through a variety of outputs. It provides APIs for extracting performance metrics from the JVM and other sources. It interfaces to Performance Co-Pilot (PCP) using the Memory Mapped Value (MMV) machinery for extremely lightweight instrumentation.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-03-11T06:01:45.585628Z","published":"2022-01-26T14:27:19Z","upstream":["CVE-2021-4104","CVE-2022-23302","CVE-2022-23305","CVE-2022-23307"],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2022:0290"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2031667"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041949"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041959"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041967"}],"affected":[{"package":{"name":"parfait","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/parfait?distro=rocky-linux-8-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.5.4-4.module+el8.5.0+728+553fbdb8"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:0290.json"}},{"package":{"name":"si-units","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/si-units?distro=rocky-linux-8-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.6.5-2.module+el8.3.0+214+edf13b3f"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:0290.json"}},{"package":{"name":"unit-api","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/unit-api?distro=rocky-linux-8-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0-5.module+el8.3.0+214+edf13b3f"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:0290.json"}},{"package":{"name":"uom-lib","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/uom-lib?distro=rocky-linux-8-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.1-6.module+el8.3.0+214+edf13b3f"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:0290.json"}},{"package":{"name":"uom-parent","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/uom-parent?distro=rocky-linux-8-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.3-3.module+el8.3.0+214+edf13b3f"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:0290.json"}},{"package":{"name":"uom-se","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/uom-se?distro=rocky-linux-8-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.0.4-3.module+el8.3.0+214+edf13b3f"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:0290.json"}},{"package":{"name":"uom-systems","ecosystem":"Rocky Linux:8","purl":"pkg:rpm/rocky-linux/uom-systems?distro=rocky-linux-8-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.7-1.module+el8.3.0+214+edf13b3f"}],"database_specific":{"yum_repository":"AppStream"}}],"database_specific":{"source":"https://storage.googleapis.com/resf-osv-data/RLSA-2022:0290.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}